All of a sudden for everyone in the company, if we open the Operator Console (OC) and go to Reports, and choose one of the reports and run it, the CABI login page loads rather than the report.
This was working fine, then all of a sudden the login page is coming up now. Also, we ARE running the UIM 20.3.3 JUNE release. This was working as of Tuesday for everyone. Now this morning, all of a sudden anyone who tries to run a report gets the CABI login page now.
- Most likely due to recent security changes in the Chrome browser (since it was working as expected previously).
Use Firefox browser (if possible).
In the customer's Test environment, this issue was occurring when using Chrome so I asked the customer to try Firefox and it did not occur. Fortunately, Firefox was already installed on the customer's server - their official machine image and it was the latest version of Firefox v92.0.
In the customer's Test environment, the 'LAX' settings were configured as per the documentation but the LAX (relaxed) settings were meant only for the Chrome browser.
See LAX settings here:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/installing/ca-business-intelligence-with-ca-uim/installing-and-upgrading-ca-business-intelligence-jasperreports-server-with-ca-uim/install-or-upgrade-for-a-bundled-ca-business-intelligence-jasperreports-server.html
When using Firefox in the Test environment, if the LAX settings were configured, the prompt to login still occurred. In Test, we had to set the LAX settings to 'None' to get it to stop prompting for CABI Login when accessing Reports in OC.
In the customer's PROD environment, the settings were already-currently set to 'None' not 'LAX.' They were always set this way in PROD.
Using the Chrome browser, when accessing Reports, after login using superuser/superuser to cabi when prompted, logging in when prompted the first time could avoid the issue. Unfortunately, all 500 users would have to be notified to login via email with instructions to login as superuser/superuser at least once. This is a NEW development and was not required before in the environment.
The customer also tried logging in as a normal user but that didn't serve as a workaround because we tested it and it wouldn't allow them to login and threw an 'Invalid credentials supplied' error on the CABI login page.
In Prod, when using Firefox and accessing the reports via OC, it worked without being prompted to login to CABI. Note that in PROD the LAX settings were still set to 'None' not LAX. So, when using Firefox in PROD the issue did not occur.
This recent issue appears a result of Google/Chrome's efforts to "Secure the internet."
The belief/philosophy driving this behavior in Chrome browser (which filters its way down to IE/Chromium as well generally) is that all internet sites should be HTTPS only, with signed certificates.
Google Chrome may continue adding this type of functionality, the ultimate goal of which is to discourage the use of HTTP and 'self-signed' certificates Internet-wide.
The permanent fix for this issue is to configure wasp cabi with HTTPS and a signed certificate.
1. Open Infrastructure Manager
2. Navigate to the cabi robot
3. Press the Ctrl key as you right-click the wasp probe, and then select Raw Configure.
4. With the setup section highlighted, locate the https_port key, and click the Edit Key to specify a port, e.g., 443. If necessary, click New Key and enter-> https_port.
The maximum port value that you can set is 65535
5. Restart the wasp probe
Configure the Operator Console and CABI (JasperServer) with HTTPS:
The following steps, taken from the end of the CABI probe troubleshooting section can be used if the OC and CABI URLs are accessed within the same domain/sub-domain
(Optional settings) Only if the Operator Console URL and the CABI URL can be accessed with the same domain and sub-domain, you may decide to perform the below settings:
For more detailed information on Chrome browser updates please refer to the following urls:
Chrome Enterprise release notes (as of August 31, 2021)
A safer default for navigation: HTTPS