Summary
Question
Single Sign On (SSO) has been implemented and when trying to access webtier you get the login screen asking to provide your user name and password. Expectation is to bypass the login screen
Answer
Three possible root cause for this issue
1- isCustomAuthenticationUsed should be set to false in the web.xml file
2- tomcatAuthentication="false" should be set in the tomcat server.xml
3- Webserver such as apache not sending the remote user authentication information to the webserver
Root cause 1:
• Stop tomcat
• Locate the web.xml file from the <tomcat>\webapps\webtier\WEB-INF folder
• Set isCustomAuthenticationUsed to false
• Save and restart tomcat
Root cause 2:
• Stop tomcat
• Locate the server.xml file from the <tomcat>\conf folder
• Do the following change:
• from
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
• to
<Connector port="8009" tomcatAuthentication="false" protocol="AJP/1.3" redirectPort="8443" />
Root cause 3:
• Stop tomcat
• Upload the attached diagnostic.jsp file into the tomcat webtier folder (<tomcat>\webapps\webtier)
• Delete tomcat cache (<tomcat>\webapps\work)
If you are using 950 or higher.
• locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes
Search this entry <sec:filter-chain pattern="/goodbye.jsp" filters="none"/> and next line add this entry:
<sec:filter-chain pattern="/diagnostic.jsp" filters="none"/>
• Restart tomcat
If you are using SM94x
• locate the application-context.xml file from: <tomcat>\webapps\webtier\WEB-INF\classes
• search this entry: /goodbye.jsp=#NONE# and next line add this entry:
/diagnostic.jsp=#NONE#
• Restart tomcat
• Access the webtier via the following URL: http://xxxx/webtier/diagnostic.jsp
Result: The diagnostic.jsp script will run a script which will help to confirm whatever or not the remote user authentication data is send to tomcat
If you get the message: "Not authenticated - webserver is not sending remote user info to the application server" then a review of all your apache configuration files is required