What Steps are required to disable EEM or CA SiteMinder via CLI in DX Netops Spectrum

book

Article ID: 20818

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

How to disable EEM or CA SiteMinder integration in Spectrum from CLI

 



Resolution

  1. Bring down the One Click Tomcat Web Server and close out of any open OneClick client consoles.
     
  2. In the One Click web server, in the $SPECROOT/custom/ directory rename the sso directory to sso.bak.
     
  3. Make a backup copy and then Edit the web.xml in the directory $SPECROOT/tomcat/webapps/spectrum/WEB-INF:
     
    1. Change the following entry:

      <login-config>
      <auth-method> EXTERNALSSO </auth-method>
      <realm-name>SPECTRUM</realm-name>
      </login-config>

      To become:
      <login-config>
      <auth-method> BASIC </auth-method>
      <realm-name>SPECTRUM</realm-name>
      </login-config>


    example


     
  4. Comment out this entry that should show at the top of the file
    <listener>
    <listener-class>com.aprisma.tomcat.authenticator.ExternalSSOAuth</listener -class>
    </listener>

    To make it:
    <!--
    <listener>
    <listener-class>com.aprisma.tomcat.authenticator.ExternalSSOAuth</listener-class>
    </listener>
    -->

 

  • Save the changes made to the $SPECROOT/tomcat/webapps/spectrum/WEB-INF/web.xml file.

 

  • Go to the $SPECROOT/tomcat/conf/context.xml file.

    a. Add this line:
        <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" changeSessionIdOnAuthentication="false" />

    b. And comment out this line:
        <Valve className="com.aprisma.tomcat.authenticator.ExternalSSOAuth" changeSessionIdOnAuthentication="false" />

    So that it looks like this:
        <!--
        <Valve className="com.aprisma.tomcat.authenticator.ExternalSSOAuth" changeSessionIdOnAuthentication="false" />
        -->

    example

     
  • Save the file changes to the $SPECROOT/tomcat/conf/context.xml file
     
  • Start the OneClick Tomcat Web Server and attempt to log in with a non LDAP account

Attachments