NFA / ADA/ UCM LDAP Authentication issue with GSSAPI



Article ID: 115509


Products

CA Network Flow Analysis (NetQos / NFA)
CA Unified Communications Monitor (NetQoS / UCM)
CA Application Delivery Analysis (NetQoS / ADA)

Issue/Introduction

When setting up LDAP Authentication with GSSAPI Encryption, you may find that the SSOConfig.exe tool shows a "Clone Success", but the web GUI still does not authenticate properly and you see an "Unable to authenticate user." error.

One way to see more detailed messages for the LDAP GSSAPI integration is to enable debug in the configuration.jsp file found in $installdir\sso\webapps\sso (by default, D:\CA\NFA\Portal\sso\webapps\sso). Within this file, change the 'boolean troubleshoot' value from false to true and save the file. Restart the SSO service (CA Performance Center SSO Service or Performance Center SSO Service) and test a user's LDAP login via the SSO Config at the command line. Then check whether the following error appears on the NFA SSO login page:

DirContext.SECURITY_AUTHENTICATION = GSSAPI
Connecting to the LDAP server using GSSAPI.
Username: xxxxx.
Password: set
Uncaught Exception:
java.lang.SecurityException: /configuration/ssoconfig_jaas.conf (No such file or directory)

Environment

NFA 9.3+
ADA 10.6+
UCM 4.0+

Cause

The root cause behind both errors is the product's inability to find its necessary configuration files within the SSO service.

Resolution

To resolve this, the SSO_HOME environment variable must be set up correctly in the SSO service's wrapper.conf file. When it is not, the SSO service is unable to find the SAML or LDAP GSSAPI configuration files and settings.

  1. Edit: installdir\NFA\Portal\SSO\conf\wrapper.conf
  2. Find the line that includes: 'set.SSO_HOME'
  3. Replace the value of 'set.SSO_HOME' from: "installdir\NFA\Portal\SSO\webapps\sso" to installdir\NFA\Portal\SSO\webapps\sso
  4. Restart the 'CA Performance Center SSO Service' in Windows Services.


You are simply removing the double quotes from the value and restarting the CA Performance Center SSO Service. The GUI should now authenticate without an issue.
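
To confirm the condition described in steps 2 and 3 before and after editing, the following added example (not part of the vendor article or product) scans wrapper.conf content for a double-quoted set.SSO_HOME value. The function name Test-SsoHome and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: report a double-quoted set.SSO_HOME value in wrapper.conf.
# Test-SsoHome is a hypothetical helper name, not a product tool.
function Test-SsoHome {
    param(
        [string[]] $Lines,    # content of wrapper.conf, one element per line
        [switch]   $CheckDisk # also test that the unquoted directory exists
    )
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        if ($line -match '^\s*#') { continue }   # skip comment lines
        if ($line -match '^\s*set\.SSO_HOME\s*=\s*(?<value>.*?)\s*$') {
            $raw   = $Matches['value']
            $clean = $raw.Trim('"')
            $result = [ordered]@{
                Line      = $lineNo
                RawValue  = $raw
                Quoted    = $raw.StartsWith('"') -or $raw.EndsWith('"')
                Suggested = "set.SSO_HOME=$clean"
            }
            if ($CheckDisk) {
                $result.DirExists = Test-Path -LiteralPath $clean -PathType Container
            }
            [pscustomobject]$result
        }
    }
}

# Constructed sample input (not a real wrapper.conf); the path is the
# default location quoted in this article.
$sample = @'
# constructed sample for illustration
wrapper.java.command=java
set.SSO_HOME="D:\CA\NFA\Portal\sso\webapps\sso"
'@ -split "`r?`n"

Test-SsoHome -Lines $sample | Format-List

# Against a real installation, pass the file content and check the directory:
#   Test-SsoHome -Lines (Get-Content -LiteralPath '<path to wrapper.conf>') -CheckDisk
```

A result with Quoted set to True is the state this article fixes; after the edit and service restart, the same check should report Quoted as False.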