Message Class

See more details of the found SAP objects:

More related threads:

» more related threads
» See all 0 related threads
Dec 11 28

BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

22:16 // Phillip Putzback

Everything in the "Configuring Vintela SSO in distributed Environments =- Complete Guide" went relatively smoothly until I had to edit the web.xml. The first problem was that the guide didn't tell me where to find the web.xml. Luckily at http://geek2live.net/page/4/ Step 15 I found a path. Then once I uncommented the authfilter section I got the 404 error.

What can I post here to help troubleshoot this issue?

Thanks,

Phil

 
Dec 11 28

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

23:44 // Arjun Venkateswarlu

Hi Pap,

We had the same issue in BOBJ 3.1 SP 3.6.

In Authfilter for "IDM.PRINC" instead of using "BOSSO/<SERVICENAME> just use the service name.

Thanks,

Sravanthi.

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

15:27 // Phillip Putzback

I wasnt to verify a couple other settings. Loction and the idm.keytab parameter.

Here are the two locations for the web.xml file I have been keeping in synch:

Program Files (x86)\Business Objects\BusinessObjects Enterprise 12.0\warfiles\WebApps\InfoViewApp\WEB-INF\web.xml

and

Program Files (x86)\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF

Also do I need to enable the idm.keytab. Right now I have it commented out,

<init-param>

        <param-name>idm.keytab</param-name>

        <param-value>C:\WINNT\HostMachineName-svc_BOECMS_TST.keytab</param-value>

</init-param>

Thanks,

Phil

Edited by: PAPutzback on Dec 29, 2011 3:27 PM

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

15:33 // Arjun Venkateswarlu

Hi,

Can you please paste your web.xml which is in Tomcat ?

Thanks,

Sravanthi

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

15:29 // Phillip Putzback

I still have the keytab commented out but the change to the idm.principal has caused this error tot repalce the 404 error:

HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78

-


Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:11 // Phillip Putzback

<context-param>

        <param-name>cms.default</param-name>

        <param-value>ETBO1:6400</param-value>

    </context-param>

    <context-param>

        <param-name>cms.visible</param-name>

        <param-value>true</param-value>

    </context-param>

<context-param>

        <param-name>authentication.default</param-name>

        <param-value>secwinAD</param-value>

    </context-param>

    <context-param>

        <param-name>authentication.visible</param-name>

        <param-value>true</param-value>

    </context-param>

    <context-param>

        <param-name>siteminder.enabled</param-name>

        <param-value>false</param-value>

    </context-param>

<context-param>

        <param-name>siteminder.authentication</param-name>

        <param-value>secWinAD</param-value>

    </context-param>

<context-param>

        <param-name>vintela.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

    <context-param>

        <param-name>sso.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

    <context-param>

        <param-name>sso.sap.primary</param-name>

        <param-value>true</param-value>

    </context-param>

    <context-param>

        <param-name>logontoken.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

    <context-param>

        <param-name>persistentcookies.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

<context-param>

        <param-name>trusted.auth.user.retrieval</param-name>

        <param-value>USER_PRINCIPAL</param-value>

    </context-param>

    <context-param>

        <param-name>trusted.auth.user.param</param-name>

        <param-value></param-value>

    </context-param>

     <context-param>

        <param-name>trusted.auth.shared.secret</param-name>

        <param-value></param-value>

    </context-param>

    <context-param>

        <param-name>config.logon.service.context</param-name>

        <param-value></param-value>

    </context-param>

    <context-param>

        <param-name>config.logon.service.url</param-name>

        <param-value></param-value>

    </context-param>

<context-param>

        <param-name>SMTPFrom</param-name>

        <param-value>true</param-value>

    </context-param>

    <context-param>

        <param-name>url.error</param-name>

        <param-value>/jsp/common/error.jsp</param-value>

    </context-param>

    <context-param>

        <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>

        <param-value>com.businessobjects.infoview.ApplicationResources</param-value>

    </context-param>

    <context-param>

        <param-name>distributable</param-name>

        <param-value>true</param-value>

    </context-param>

      <context-param>

        <param-name>path.rightFrame</param-name>

        <param-value>1</param-value>

    </context-param>

    <filter>

        <filter-name>EncodingFilter</filter-name>

        <filter-class>com.businessobjects.webutil.encoding.EncodingFilter</filter-class>

    </filter>

    <filter>

        <filter-name>ApplicationServiceCacheControlFilter</filter-name>

        <filter-class>com.businessobjects.webutil.caching.ApplicationServiceCacheControlFilter</filter-class>

    </filter>

    <filter>

        <filter-name>CacheControlFilter</filter-name>

        <filter-class>com.businessobjects.webutil.caching.CacheControlFilter</filter-class>

    </filter>

    <filter>

        <filter-name>authFilter</filter-name>

        <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

        <init-param>

            <param-name>idm.realm</param-name>

            <param-value>CAL.COMMUNITY.COM</param-value>

        </init-param>

        <init-param>

            <param-name>idm.princ</param-name>

            <param-value>svc_BOECMS_TST</param-value>

        </init-param>

<!--

      <init-param>

        <param-name>idm.keytab</param-name>

        <param-value>C:\WINNT\HostMachineName-svc_BOECMS_TST.keytab</param-value>

      </init-param>

-->

<init-param>

  <param-name>idm.allowUnsecured</param-name>

  <param-value>true</param-value>

</init-param>

<init-param>

  <param-name>idm.allowNTLM</param-name>

  <param-value>false</param-value>

</init-param>

<init-param>

  <param-name>idm.logger.name</param-name>

  <param-value>simple</param-value>

  <description>

    The unique name for this logger.

  </description>

</init-param>

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:12 // Phillip Putzback

<init-param>

  <param-name>idm.logger.props</param-name>

  <param-value>error-log.properties</param-value>

  <description>

    Configures logging from the specified file.

  </description>

</init-param>

<init-param>

  <param-name>error.page</param-name>

  <param-value>../logonNoSso.jsp</param-value>

  <description>

    The URL of the page to show if an error occurs during authentication.

  </description>

</init-param>

</filter>

<filter-mapping>

  <filter-name>EncodingFilter</filter-name>

  <url-pattern>*.jsp</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>EncodingFilter</filter-name>

  <url-pattern>*.faces</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>ApplicationServiceCacheControlFilter</filter-name>

  <url-pattern>/common/appService.do</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>CacheControlFilter</filter-name>

  <url-pattern>*.gif</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>CacheControlFilter</filter-name>

  <url-pattern>*.css</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>CacheControlFilter</filter-name>

  <url-pattern>*.js</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>CacheControlFilter</filter-name>

  <url-pattern>*.html</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>CacheControlFilter</filter-name>

  <url-pattern>/ure/ure/cache/images/*</url-pattern>

</filter-mapping>

<filter-mapping>

  <filter-name>authFilter</filter-name>

  <url-pattern>/logon/logonService.do</url-pattern>

</filter-mapping>

<listener>

  <listener-class>com.businessobjects.sdk.ceutils.SessionCleanupListener</listener-class>

</listener>

<listener>

  <listener-class>com.sun.faces.config.ConfigureListener</listener-class>

</listener>

<servlet>

  <servlet-name>action</servlet-name>

  <servlet-class>com.crystaldecisions.webapp.struts.framework.CrystalUTF8InputActionServlet</servlet-class>

  <init-param>

    <param-name>application</param-name>

    <param-value>com.businessobjects.infoview.ApplicationResources</param-value>

  </init-param>

  <init-param>

    <param-name>config</param-name>

    <param-value>/WEB-INF/struts-config.xml</param-value>

  </init-param>

  <init-param>

    <param-name>debug</param-name>

    <param-value>0</param-value>

  </init-param>

  <init-param>

    <param-name>content</param-name>

    <param-value>text/html;charset=utf-8</param-value>

  </init-param>

  <init-param>

    <param-name>detail</param-name>

    <param-value>0</param-value>

  </init-param>

  <init-param>

    <param-name>validate</param-name>

    <param-value>true</param-value>

  </init-param>

  <init-param>

    <param-name>nocache</param-name>

    <param-value>true</param-value>

  </init-param>

  <load-on-startup>3</load-on-startup>

</servlet>

<servlet>

  <servlet-name>AppServiceServlet</servlet-name>

  <servlet-class>com.crystaldecisions.webapp.struts.framework.CrystalUTF8InputActionServlet</servlet-class>

  <init-param>

    <param-name>application</param-name>

    <param-value>com.businessobjects.infoview.ApplicationResources</param-value>

  </init-param>

  <init-param>

    <param-name>config</param-name>

    <param-value>/WEB-INF/struts-config.xml</param-value>

  </init-param>

  <init-param>

    <param-name>debug</param-name>

    <param-value>0</param-value>

  </init-param>

  <init-param>

    <param-name>content</param-name>

    <param-value>text/html;charset=utf-8</param-value>

  </init-param>

  <init-param>

    <param-name>detail</param-name>

    <param-value>0</param-value>

  </init-param>

  <init-param>

    <param-name>validate</param-name>

    <param-value>true</param-value>

  </init-param>

  <load-on-startup>3</load-on-startup>

</servlet>

<servlet>

  <servlet-name>Faces Servlet</servlet-name>

  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>

  <load-on-startup>1</load-on-startup>

</servlet>

<servlet>

  <servlet-name>Not Found Servlet</servlet-name>

  <servlet-class>com.businessobjects.webutil.ForwardServlet</servlet-class>

  <init-param>

    <param-name>url</param-name>

    <param-value>/httperror_404.htm</param-value>

  </init-param>

  <load-on-startup>4</load-on-startup>

</servlet>

<servlet-mapping>

  <servlet-name>Faces Servlet</servlet-name>

  <url-pattern>*.faces</url-pattern>

</servlet-mapping>

<servlet-mapping>

  <servlet-name>action</servlet-name>

  <url-pattern>*.do</url-pattern>

</servlet-mapping>

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:13 // Phillip Putzback

It appears the forums strips out the tags if I post to much in one post. Here is the last bit of the file.:

<servlet-mapping>

  <servlet-name>action</servlet-name>

  <url-pattern>*.object</url-pattern>

</servlet-mapping>

<servlet-mapping>

  <servlet-name>AppServiceServlet</servlet-name>

  <url-pattern>/common/appService.do</url-pattern>

</servlet-mapping>

<servlet-mapping>

  <servlet-name>Not Found Servlet</servlet-name>

  <url-pattern>/ProductId.txt</url-pattern>

</servlet-mapping>

<session-config>

  <session-timeout>20</session-timeout>

</session-config>

<error-page>

  <error-code>404</error-code>

  <location>/httperror_404.htm</location>

</error-page>

<error-page>

  <error-code>500</error-code>

  <location>/httperror_500.jsp</location>

</error-page>

<taglib>

  <taglib-uri>/WEB-INF/c.tld</taglib-uri>

  <taglib-location>/WEB-INF/c.tld</taglib-location>

</taglib>

<taglib>

  <taglib-uri>/WEB-INF/fmt.tld</taglib-uri>

  <taglib-location>/WEB-INF/fmt.tld</taglib-location>

</taglib>

<taglib>

  <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>

  <taglib-location>/WEB-INF/struts-html.tld</taglib-location>

</taglib>

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:15 // Phillip Putzback

The following is from my TomCat Properties.

-Djava.library.path=C:/Windows/SysWOW64/;C:/Program Files (x86)/Business Objects/BusinessObjects Enterprise 12.0/win32_x86/

-Dcatalina.base=C:/Program Files (x86)/Business Objects/Tomcat55/

-Dcatalina.home=C:/Program Files (x86)/Business Objects/Tomcat55/

-Djava.endorsed.dirs=C:/Program Files (x86)/Business Objects/Tomcat55/common/endorsed/

-Dbobj.enterprise.home=C:/Program Files (x86)/Business Objects/BusinessObjects Enterprise 12.0/

-Dbusinessobjects.olap.stylesheets=C:/Program Files (x86)/Business Objects/OLAP Intelligence 12.0/stylesheets/

-Djava.library.path=C:\Windows\SysWOW64\;C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\

-Dcatalina.base=C:\Program Files (x86)\Business Objects\Tomcat55\

-Dcatalina.home=C:\Program Files (x86)\Business Objects\Tomcat55\

-Djava.endorsed.dirs=C:\Program Files (x86)\Business Objects\Tomcat55\common\endorsed\

-Dbobj.enterprise.home=C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 12.0\

-Xrs

-XX:MaxPermSize=256M

-Dbusinessobjects.olap.bin=

-Dbusinessobjects.olap.stylesheets=C:\Program Files (x86)\Business Objects\OLAP Intelligence 12.0\stylesheets\

-Djava.awt.headless=true

-Djava.security.auth.login.config=C:\WINNT\bscLogin.conf

-Djava.security.krb5.conf=C:\WINNT\Krb5.ini

-Dcom.wedgetail.idm.sso.password=password1

-Djcsi.kerberos.maxpacketsize=0

-Djcsi.kerberos.debug=true

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:21 // Arjun Venkateswarlu

Please make  changes as below and try again

<param-name>cms.visible</param-name>

<param-value>true</param-value>

</context-param>

set to FALSE

<context-param>

<param-name>sso.sap.primary</param-name>

<param-value>true</param-value>

</context-param>

set to FALSE

In server.xml in Tomcat55/Conf folder change as below

<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="32768" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443" />

Thanks,

Sravanthi

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:34 // Arjun Venkateswarlu

Your Tomcat config looks good.

Please make changes as said above and here is my XML

<context-param>

        <param-name>cms.default</param-name>

        <param-value>HOSTNAME:6400</param-value>

    </context-param>

    <!-- Choose whether to let the user change the CMS name -->

    <!-- If it isn't shown the default System from above will be used -->

    <context-param>

        <param-name>cms.visible</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- You can specify the default Authentication types here -->

    <!-- secEnterprise, secLDAP, secWinAD, secSAPR3 -->

    <context-param>

        <param-name>authentication.default</param-name>

        <param-value>secWinAD</param-value>

    </context-param>

    <!-- Choose whether to let the user change the authentication type -->

    <!-- If it isn't shown the default authentication type from above will be used -->

    <context-param>

        <param-name>authentication.visible</param-name>

        <param-value>true</param-value>

    </context-param>

    <!-- The default home page -->

    <context-param>

        <param-name>homepage.default</param-name>

        <param-value>/jsp/listing/home.jsp</param-value>

    </context-param>

    <!-- If the locale preference is disabled (only english languages will be used/allowed) -->

    <context-param>

        <param-name>disable.locale.preference</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- Set to false to disable Siteminder single sign on. -->

    <context-param>

        <param-name>siteminder.enabled</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- You can specify the siteminder Authentication type here -->

    <!-- secLDAP, secWinAD -->

    <context-param>

        <param-name>siteminder.authentication</param-name>

        <param-value>secLDAP</param-value>

    </context-param>

    <!-- Set to true to enable Vintela single sign on. -->

    <context-param>

        <param-name>vintela.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

    <!-- Set to true to enable other single sign on. -->

    <context-param>

        <param-name>sso.enabled</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- Set to true to use SAP SSO as the application's primary SSO mechanism -->

    <context-param>

        <param-name>sso.sap.primary</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- Set to false to disable logon with token. -->

    <context-param>

        <param-name>logontoken.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

<filter>

        <filter-name>authFilter</filter-name>

        <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

        <init-param>

            <param-name>idm.realm</param-name>

            <param-value>DOMAIN NAME</param-value>

        </init-param>

        <init-param>

            <param-name>idm.princ</param-name>

            <param-value><SERVICENAME></param-value>

        </init-param>

     <init-param>

           <param-name>idm.keytab</param-name>

           <param-value>C:\winnt\bofinale.keytab</param-value>

        </init-param>

        <init-param>

            <param-name>idm.allowUnsecured</param-name>

            <param-value>true</param-value>

        </init-param>

        <init-param>

            <param-name>idm.allowNTLM</param-name>

            <param-value>false</param-value>

        </init-param>

        <init-param>

            <param-name>idm.logger.name</param-name>

            <param-value>simple</param-value>

            <description>

                The unique name for this logger.

            </description>

        </init-param>

        <init-param>

            <param-name>idm.logger.props</param-name>

            <param-value>error-log.properties</param-value>

            <description>

                Configures logging from the specified file.

            </description>

        </init-param>

        <init-param>

            <param-name>error.page</param-name>

            <param-value>../logonNoSso.jsp</param-value>

            <description>

                The URL of the page to show if an error occurs during authentication.

            </description>

        </init-param>

    </filter>

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:57 // Phillip Putzback

I am still getting this error:

HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78

-


type Status report

message com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78

description The server encountered an internal error (com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78) that prevented it from fulfilling this request.

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

17:50 // Phillip Putzback

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->

    <Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="32768" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443"/>

    <!-- Note : To disable connection timeouts, set connectionTimeout value

     to 0 -->

And that is here:
ETBO1\Program Files (x86)\Business Objects\Tomcat55\conf\server.xml

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

17:33 // Arjun Venkateswarlu

Can you please make sure, you have increased MaxHttpHeaderSize in NON-SSL.

After increasing maxHttpHeaderSize for non-SSL

MaxHttpHeaderSize - 32768

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

18:10 // Arjun Venkateswarlu

If you don't mind, let's replace the original web.xml and server.xml file and try modifying again. Let's change the authentication part first without modifying Authfilter.

Please change the authentication part as below and make sure you get InfoViewApp page and let us know.

<context-param>

        <param-name>cms.default</param-name>

        <param-value>ETBO1:6400</param-value>

    </context-param>

    <!-- Choose whether to let the user change the CMS name -->

    <!-- If it isn't shown the default System from above will be used -->

    <context-param>

        <param-name>cms.visible</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- You can specify the default Authentication types here -->

    <!-- secEnterprise, secLDAP, secWinAD, secSAPR3 -->

    <context-param>

        <param-name>authentication.default</param-name>

        <param-value>secWinAD</param-value>

    </context-param>

    <!-- Choose whether to let the user change the authentication type -->

    <!-- If it isn't shown the default authentication type from above will be used -->

    <context-param>

        <param-name>authentication.visible</param-name>

        <param-value>true</param-value>

    </context-param>

    <!-- The default home page -->

    <context-param>

        <param-name>homepage.default</param-name>

        <param-value>/jsp/listing/home.jsp</param-value>

    </context-param>

    <!-- If the locale preference is disabled (only english languages will be used/allowed) -->

    <context-param>

        <param-name>disable.locale.preference</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- Set to false to disable Siteminder single sign on. -->

    <context-param>

        <param-name>siteminder.enabled</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- You can specify the siteminder Authentication type here -->

    <!-- secLDAP, secWinAD -->

    <context-param>

        <param-name>siteminder.authentication</param-name>

        <param-value>secLDAP</param-value>

    </context-param>

    <!-- Set to true to enable Vintela single sign on. -->

    <context-param>

        <param-name>vintela.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

    <!-- Set to true to enable other single sign on. -->

    <context-param>

        <param-name>sso.enabled</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- Set to true to use SAP SSO as the application's primary SSO mechanism -->

    <context-param>

        <param-name>sso.sap.primary</param-name>

        <param-value>false</param-value>

    </context-param>

    <!-- Set to false to disable logon with token. -->

    <context-param>

        <param-name>logontoken.enabled</param-name>

        <param-value>true</param-value>

    </context-param>

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

18:44 // Phillip Putzback

I made the change. The only one I think that did not match was

  <!-- You can specify the siteminder Authentication type here -->

    <!-- secLDAP, secWinAD -->

    <context-param>

        <param-name>siteminder.authentication</param-name>

        <param-value>secLDAP</param-value>

    </context-param>

Mine was originally secWinAD

I can manually log in to InfoView with my AD info but not with the service account info.

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

18:56 // Arjun Venkateswarlu

Thats good, Since we didn't change the AuthFIlter yet, this is known.

Please change the Authfilter as below

<filter>

        <filter-name>authFilter</filter-name>

        <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

        <init-param>

            <param-name>idm.realm</param-name>

            <param-value>DOMAIN.DOMIAN</param-value>

        </init-param>

        <init-param>

            <param-name>idm.princ</param-name>

            <param-value>SERVICEBO</param-value>

        </init-param>

     <init-param>

           <param-name>idm.keytab</param-name>

           <param-value>C:\winnt\bofinale.keytab</param-value>

        </init-param>

        <init-param>

            <param-name>idm.allowUnsecured</param-name>

            <param-value>true</param-value>

        </init-param>

        <init-param>

            <param-name>idm.allowNTLM</param-name>

            <param-value>false</param-value>

        </init-param>

        <init-param>

            <param-name>idm.logger.name</param-name>

            <param-value>simple</param-value>

            <description>

                The unique name for this logger.

            </description>

        </init-param>

        <init-param>

            <param-name>idm.logger.props</param-name>

            <param-value>error-log.properties</param-value>

            <description>

                Configures logging from the specified file.

            </description>

        </init-param>

        <init-param>

            <param-name>error.page</param-name>

            <param-value>../logonNoSso.jsp</param-value>

            <description>

                The URL of the page to show if an error occurs during authentication.

            </description>

        </init-param>

    </filter>

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

19:20 // Arjun Venkateswarlu

OK, In your BOBJ server type below command and pleas paste the log

setspn -L <SERVICENAME>

below is mine, please compare it with yours

C:\Users\boadm>setspn -L SERVICEBO

Registered ServicePrincipalNames for CN=SERVICEBO,OU=USERS,OU=SAP,OU=SITES,DC=DOMAIN,DC=local:

        HTTP/10.1.47.71

        HTTP/SAPBO01.DOMAIN.LOCAL

        HTTP/SAPBO01

        BOSSO/SERVICEBO.DOMAIN.LOCAL

You can register the setspn as below :-

example

setspn -A HTTP/SAPBO01.LEPRINO.LOCAL  SERVICEBO

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

19:06 // Phillip Putzback

After I make this change I get the 404 error.

HTTP Status 404 - /InfoViewApp/logon.jsp

-


type Status report

message /InfoViewApp/logon.jsp

description The requested resource (/InfoViewApp/logon.jsp) is not available.

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

20:11 // Phillip Putzback

C:\Users\BOECMS_TST>setspn -l BOECMS_TST

Registered ServicePrincipalNames for CN=BOECMS_TST,OU=Service Accounts - BV,

OU=Servers,DC=cal,DC=community,DC=com:

        http/10.246.32.103

        http/10.246.32.102

        http/etbo1

        http/etbo2.cal.community.com

        http/etbo2

        http/etbo1.cal.community.com

        ETBO1/BOECMS_TST.cal.community.com

        ETBO2/BOECMS_TST.cal.community.com

And I am still getting the 404 error.

And I have this error in the tomcat.log

Exception starting filter authFilter

com.wedgetail.idm.sso.ConfigException: No keytab entries for BOECMS_TST_AT_CAL.COMMUNITY.COM in keytab

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

20:20 // Phillip Putzback

Running kinit gives me this:

C:\Program Files (x86)\Business Objects\javasdk\bin>kinit BOECMS_TST

Password for BOECMS_TST AT CAL.COMMUNITY.COM:password

Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no s

upport for encryption type

KrbException: KDC has no support for encryption type (14)

        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)

        at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)

        at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:444)

        at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:310)

        at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:259)

        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)

Caused by: KrbException: Identifier doesn't match expected value (906)

        at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)

        at sun.security.krb5.internal.ASRep.init(ASRep.java:58)

        at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)

        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)

        ... 5 more

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

21:19 // Arjun Venkateswarlu

1). You can try deleting all 02 ETB02 entries from ETB01 setspn

example :- setspn -D http://http/etbo2.cal.community.com BOECMS_TST

Also in Web.xml file in the place of IDM.PRIC use BOECMS_TST (Account Name)

please use the below command to create the key

ktpass -out bofinale.keytab -princ BOECMS_TSTATDOMAIN.LOCAL -password <password> -kvno 255-ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

AT -- @ (forums not allowing me to type @ as it thinks as email address)

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

22:40 // Phillip Putzback

I got the new key tab and made the change in web.xml

<init-param>

        <param-name>idm.keytab</param-name>

        <param-value>C:\WINNT\bosso.keytab</param-value>

      </init-param>

This is the error in TomCat

[localhost].[/InfoViewApp] Thread [Thread-1];  Exception starting filter authFilter

com.wedgetail.idm.sso.ConfigException: No keytab entries for BOECMS_TST_AT_CAL.COMMUNITY.COM in keytab: Version: 5.2

File: C:\WINNT\bosso.keytab, modified Thu Dec 29 16:09:57 EST 2011, loaded Thu Dec 29 16:33:35 EST 2011

I am also still getting the 404 error in the internet explorer when trying to connect to infoview.

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

22:57 // Arjun Venkateswarlu

Let's get the InfoPage working and we will work on keytab.

Did you tried  deleting all 02 ETB02 entries from ETB01 setspn

example :- setspn -D http://etbo2.cal.community.com BOECMS_TST

comment the idm.keytab and please provide password in Tomcat configuration.

Also please paste setspn -L BOECMS_TST after deleting the ETB02 from ETB01 system.

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

23:21 // Arjun Venkateswarlu

Great ! it means we got the InfoViewPage working.

You can login manually because, we have commented the keytab in web.xml

Now, let's uncomment the keytab in web.xml and try to login with the keytab file which got generated by the command I gave you.

Make sure NON-SSL in server.xml has the value mentioned before.

if you still have FWN-006 error, then something wrong in keytab file. Please paste the complete command and output.

points are appreciated.

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

23:14 // Phillip Putzback

SETSPN -!

C:\Users\PAPutzba>setspn -l BOECMS_TST

Registered ServicePrincipalNames for CN=BOECMS_TST,OU=Service Accounts - BV,

OU=Servers,DC=cal,DC=community,DC=com:

        http/10.246.32.102

        http/etbo1

        http/etbo1.cal.community.com

        ETBO1/BOECMS_TST.cal.community.com

I can manually log in to info view now.

FYI. I am logged into the machine via rdp with my username, not the service account. I also can manually log in to infoview with my username but not the BOECMS_TST service account. Is there something there we need to change?

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

23:32 // Phillip Putzback

I commented out the file and now I get the 404 error in internet explorer.

This is from the tomcat log:

29-12-11 17:29:10:785 - [localhost].[/InfoViewApp] Thread [Thread-1];  Exception starting filter authFilter

com.wedgetail.idm.sso.ConfigException: No keytab entries for BOECMS_TST_AT_CAL.COMMUNITY.COM in keytab: Version: 5.2

File: C:\WINNT\bosso.keytab,

I amde a copy of the keytab file and opened it in notepad and the only text I can read is CAL.COMMUNITY  svc_BOECMS_TST and the rest of the text is not alpha-numeric

Dec 11 29

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

23:40 // Arjun Venkateswarlu

Looks like something wrong with your service account and keytab.

Check the properties of service account BOECMS_TST in AD server.

check in the document for properties of AD user - Configuring Vintela SSO in Distributed Environments - Complete.pdf. Note 1261835 - Configuring java SSO (aka vintela, kerberos) in Distributed Environments - XI 3.1 **Best Practices*

Check this note also - 1262301 - Infoview returns an error 404 or 'Didn't find name at offset' when Tomcat is configured with SSO Vintela and AD Kerberos.

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

10:19 // Amit Kumar

Hi,

Check the properties of the service account,option "Trust this user for delegation" should be checked.

Second Stop tomcat and rename the InfoViewApp folder under the tomcat and restart the tomcat.After that automatically new infoviewapp folder will create.then change  in the web.xml file.

Stop the tomcat andthen SIA under the CCM.Then first start SIA and Then tomcat.

May be this helps you..WE got the same error message  while enabling SSO.Our issue with option "Trust this user for delegation" was not checked.

Hope  this helps you..

Thanks,

Amit

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

10:59 // Hakan Kilic

Hi Phil!

Looks like you are missing some essentials for the Vintela configuration:

Here the steps you need:

1. let you Windows AD Admin create a service account (SA) for you, which should have admin rights on the server of BO

    ie: bo_user

2. The SA should have checked: "Usage Cannot Change Password" + "Password never expires"

3. The SA should have also checked: "Trust this user for delegation to any service (Kerberos only)

HINT

There is a fix for Windows 2003 AD Server, which is necessary to handle the SPN users correctly - ask your Admin which server you are using

HINT

4. Your Admin now should create the service SPNs with:

     setspn -a HTTP/hostname                         .. ie: HTTP/BOSERVER         (everything in upper case letters, don't use any underscores)

     setspn -a HTTP/Full Qualified Host Name  .. ie: HTTP/BOSERVER.WORK.COM

     setspn -a HTTP/ip-address                        .. ie: 179.120.120.12

HINT

If you are using HTTPS on the server, you will still need HTTP entries within your SPN

HINT

5. Your Admin should now create your KTPASS file

      

ktpass -out vintela.keytab -princ HTTP/BOSERVER(enter here at symbol)WINAUTHTZ.COM -mapuser bo_user -pass <password> -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

6. Your Admin should now reset the password for the user in Windows AD to the original. And then copy the KTPASS file "vintela.keytab" to your server

7. Enter the user + domain to your CMCAPP under AD Groups. And enter the SPN name HTTP/BOSERVER under "Use Kerberos authentication -> Service Principal Name"

8. Stop your SIA via CMS (= main service running on the BO Server) and run it with different user ie: bo_user

9. Make sure that your user ie: bo_user has within "Local Security Setting -> Local Policies -> User Rights Asignment" the role "Act as part of the operation system"

10. Enter details for KRB5.ini and BSCLogin.conf to Tomcat launch properties

       

-Djava.security.auth.login.config=C:\winnt\bscLogin.conf       -Djava.security.krb5.conf=C:\winnt\Krb5.ini

HINT

The web.xml files are under your BO Installation within the Tomcat webapp directory

ie: C:\Program Files (x86)\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF

HINT

11. Within the web.xml files (opendocument, InfoViewApp, dswsbobje) enter true for vintela.enabled, and disable siteminder

12. Within the web.xml for vintela

       idm.realm = WORK.COM

       idm.princ = HTTP/BOSERVER

13. Within the web.xml for vintela

      create an entry for idm.keytab with the location of your keytab file

      ie:

<init-param> <param-name>idm.keytab</param-name> <param-value>c:\winnt\vintela.keytab</param-value> </init-param>

HINT

You can open the content of the keytab file, where you should find you SPN/idm.princ in readable format HTTP/BOSERVER

HINT

I hope I have covered everything essential

ciao Hakan

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

15:35 // Phillip Putzback

Amit Kumar Rathi wrote:

Hi,

>

> Check the properties of the service account,option "Trust this user for delegation" should be checked.

> Second Stop tomcat and rename the InfoViewApp folder under the tomcat and restart the tomcat.After that automatically new infoviewapp folder will create.then change  in the web.xml file.

>

> Stop the tomcat andthen SIA under the CCM.Then first start SIA and Then tomcat.

>

> May be this helps you..WE got the same error message  while enabling SSO.Our issue with option "Trust this user for delegation" was not checked.

>

>

> Hope  this helps you..

> Thanks,

> Amit

Delgation Tab. Option (Trust this user for delegation to any service (Kerberos only) ) is selected

Account Tab:

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:48 // Phillip Putzback

We got this error "KTPASS failed getting target domain for specified user" when trying to recrete the keytab using the syntax

ktpass -out bosso.keytab -princ HTTP/ETBO1@ at CAL.ECommunity.COM -mapuser BOECMS_TST -pass password1 -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

So we are going to try

ktpass -out bosso.keytab -princ HTTP/ETBO1 at CAL.ECommunity.COM -mapuser CHE\BOECMS_TST -pass password1 -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

and  then

ktpass -out bosso.keytab -princ HTTP/ETBO1 at CAL.ECommunity.COM -mapuser BOECMS_TST at CAL.COMMUNITY.COM -pass password1 -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:57 // Phillip Putzback

Hakan Kilic wrote:

Hi Phil!

>

HINT

> You can open the content of the keytab file, where you should find you SPN/idm.princ in readable format HTTP/BOSERVER

> HINT

>

> I hope I have covered everything essential

> ciao Hakan

In my latest keytab ran with the syntax of my previous post  I see this

CAL.COMMUNITY.COM  HTTP  ETBO1

Thanks,

Phil

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

16:59 // Phillip Putzback

nd should the following text in web.xml be uncommented?

    <!-- For Vintela SSO the following filter mapping needs to be uncommented.

         There is also a filter which needs to be uncommented.

    -->

    <!--

    <filter-mapping>

        <filter-name>authFilter</filter-name>

        <url-pattern>/logon/logonService.do</url-pattern>

    </filter-mapping>

    -->

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

17:33 // Arjun Venkateswarlu

Yes, below should be uncommented

<!-- For Vintela SSO the following filter mapping needs to be uncommented.

There is also a filter which needs to be uncommented.

-->

<!--

<filter-mapping>

<filter-name>authFilter</filter-name>

<url-pattern>/logon/logonService.do</url-pattern>

</filter-mapping>

-->

It should looks like below

<!-- For Vintela SSO the following filter mapping needs to be uncommented.

There is also a filter which needs to be uncommented.

-->

<filter-mapping>

<filter-name>authFilter</filter-name>

<url-pattern>/logon/logonService.do</url-pattern>

</filter-mapping>

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

18:22 // Phillip Putzback

Things seem to be falling into place now.

On my remote machine I can log into infoview with SSO.

On the local machine I get this error

HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78

When I try to login into OpenDocument http://etbo1:8080/OpenDocument/opendoc/openDocument.jsp

I get the following error:

An error has occurred: An error occured while trying to view the document

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

18:57 // Phillip Putzback

I have set the header size for both HTTP and HTTPS to the settings posted on page 1 of this doc.

In server.xml in Tomcat55/Conf folder change as below

 

<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="32768" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443" />

I only get the wedgtail HTTP Status 500 error on the host server not the clients.

Edited by: PAPutzback on Dec 30, 2011 6:56 PM

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

18:35 // Arjun Venkateswarlu

Please make sure Service User is Local Administrator of the server and also check under Policies that "Act as a part of operating system user".

Also please increase the value of MaxHttpHeader Value for Non-SSL

Please check below notes

SSO fails in 3.1 SP3. Works in SP2.

1495990 - HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level

1302775 - Error: HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException when logging into Infoview with Active Directory Single Sign-On

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

19:34 // Arjun Venkateswarlu

Hi Phil,

We need to change in the server side for the Bad Tag error 78.

The maximum GET length is a client (browser) related issue. Servers MUST be able to handle the URI of any resource they serve, and SHOULD be able to handle URIs of unbounded length if they provide GET-based forms that could generate such URIs

lets increase the value to 65536 of MaxHttpHeaderSize

Also check if the IE browser settings are correct:

- Enable Integrated Windows Authentication*

- Add the InfoView Link to Local Intranet site.

Can you please check in other browser also.

Did you added below paramaters in Tomcat configuration?

-Djcsi.kerberos.maxpacketsize=0

-Djcsi.kerberos.debug=true

Also, could you try with:

-Dsun.security.krb5.debug=true

The last one will create huge file..so I would say immidiately disable this tracing after issue is reproduced.

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

20:34 // Phillip Putzback

I changed the maxHTTPHeader size.

The other settings already existed

I added the krb5.debug=true setting

Here is the log after trying to open info view

30-12-11 14:30:15:288 - [/InfoViewApp].[action] Thread [http-8080-Processor25];  Servlet.service() for servlet action threw exception java.lang.IllegalStateException [DEBUG] Fri Dec 30 14:30:15 EST 2011 jcsi.kerberos: GSS: Acceptor supports: KRB5 30-12-11 14:30:15:335 - [/InfoViewApp].[jsp] Thread [http-8080-Processor25];  Servlet.service() for servlet jsp threw exception

java.lang.NullPointerException

Dec 30, 2011 2:30:15 PM org.apache.catalina.core.StandardHostValve custom

SEVERE: Exception Processing ErrorPage[errorCode=500, location=/httperror_500.jsp]

Dec 11 30

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

21:05 // Arjun Venkateswarlu

can you please check below

Open the Tomcat Configuration (found in Start Menu > Programs > Tomcat > Tomcat Configuration).

Browse to the Java tab

Set the Initial Memory Pool Size to 1024.

Set the Maximum Memory Pool size to 1024.

Also check below links..same issue has been addressed

CRS2008 V1 Vintela SSO - ALMOST There!

SSO working, but "silent" SSO fails

"krb_error 6 Client not found in Kerberos database" error

SSO with BO XI 3.1 SP2 - All Client apps work fine, but InfoView fails

Jan 12 03

Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp  

15:47 // Phillip Putzback

AS far as the OP goes this problem has been fixed. I stil lcan't get the BO aps like Designer or Web Intelligence Rich Client to work with SOS but that takes this off topic. I'll have to start a new thread for that. I think they solutions that helped the most were getting the syntax of SETSPN correct and also setting the parameters in the system and web.xml files correctly.

Thanks for all the help,

Phil

Edited by: PAPutzback on Jan 3, 2012 3:46 PM

Feedback