search cancel

CA UIM / CABI - CABI dashboards not working with TLS enabled using cabi_external

book

Article ID: 129820

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

I'm using the cabi_external probe in a TLS environment and the CABI Dashboards are NOT working in the UMP, Operator Console or Jasper Report Server Web Console. 

Environment

TLS Enabled Environment
UIM 9.0.2 GA
UMP 9.0.2 HF2
cabi_external v3.40 and Jasper Report Server v6.4.3
Oracle and MS SQL Server Databases

Cause

Out of the box when using the cabi_external probe in a TLS environment, the wallet / trust store path and password are NOT added to the UIM datasource (stored in the context.xml file \CA\SC\CA Business Intelligence\apache-tomcat\webapps\jasperserver-pro\META-INF\context.xml).  

Resolution

1. Access the Jasper Report Server Web Page (http://<JRS_IP_OR_HOSTNAME>:8080/jasperserver-pro) using the superuser account. 

2. Home -> Data Sources, View List -> Right Click the "UIM Datasource" and Select "Edit".

3. In the "URL (required)" field which will look like: 
  • For Oracle: jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com
  • For MS SQL Server: jdbc:tibcosoftware:sqlserver://<DATABASE_IP>:1433;databaseName=CA_UIM
You will need to add the wallet / trust store path and password, example: 
  • ;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;[email protected]
Note: The trust store path and password will be the path and password configured in your environment. 

The URL will look like: 

jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;[email protected]

4. Save the changes to the UIM Datasource and Test Connection to confirm it's successful.

Note: You will need to clear the browser cache when retesting the UIM / CABI Dashboards in the UMP or Operator Console. 

*If you are using TLS with Oracle, please follow the additional steps below to configure the UIM JNDI Datasource - THIS IS NOT REQUIRED IF YOU USE TLS WITH MS SQL SERVER *

5. On the server where the Jasper Report Server instance is running, go to: \CA\SC\CA Business Intelligence\apache-tomcat\webapps\jasperserver-pro\META-INF\context.xml
  • Before making any changes create a backup copy of the context.xml file. 

Under the "Resource username" section we will need to add the trust store / wallet password, example: 

<Resource username="CA_UIM" url="jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;TrustStorePassword=;" type="javax.sql.DataSource" password="ENC-e892deda7dd96de81c1b4c75f2b64d2882f7bc5be209def8a95807f2336ab1f4-" name="jdbc/uim" maxWait="10000" maxIdle="30" maxActive="100" factory="com.jaspersoft.jasperserver.tomcat.jndi.JSCommonsBasicDataSourceFactory" driverClassName="tibcosoftware.jdbc.oracle.OracleDriver" auth="Container" initConnectionSqls="ALTER SESSION SET NLS_COMP='LINGUISTIC';ALTER SESSION SET NLS_SORT='BINARY_CI'" defaultTransactionIsolation="TRANSACTION_READ_UNCOMMITTED"/>
</Context>

On the highlighted section add your trust store password, example: 

<Resource username="CA_UIM" url="jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;[email protected];" type="javax.sql.DataSource" password="ENC-e892deda7dd96de81c1b4c75f2b64d2882f7bc5be209def8a95807f2336ab1f4-" name="jdbc/uim" maxWait="10000" maxIdle="30" maxActive="100" factory="com.jaspersoft.jasperserver.tomcat.jndi.JSCommonsBasicDataSourceFactory" driverClassName="tibcosoftware.jdbc.oracle.OracleDriver" auth="Container" initConnectionSqls="ALTER SESSION SET NLS_COMP='LINGUISTIC';ALTER SESSION SET NLS_SORT='BINARY_CI'" defaultTransactionIsolation="TRANSACTION_READ_UNCOMMITTED"/>
</Context>

6. Save the changes to the file, go to services and restarted the "CA Business Intelligence Tomcat" service. 

Note: You will need to clear the browser cache when retesting the UIM / CABI Dashboards in the UMP or Operator Console.