SDM uses SSO for authentication (works as expected) Service Catalog, if we enable NTLM authentication for SSO, will log in as expected. However after that, communication to SDM from SC fails whenever SC is recycled. It will not retrieve info for the request categories in a form. One must first run a test connection for SDM from Catalog before attempting to access Category content
Release : 17.2 and higher
Component : SDM - Catalog
In the view.log, one may find:
20XX/XX/XX XX.XX.XX.XXX ERROR [https-jsse-nio-8443-exec-20] [FetchSDMIncidentAreasPlugin] Error occurred while getting incident areas; nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
20XX/XX/XX XX.XX.XX.XXX ERROR [https-jsse-nio-8443-exec-20] [CatalogHostService] Unexpected exception while calling plugin:com.sun.proxy.$Proxy131
The cause is the certificates used by the OpenJDK specification for Catalog need to be updated with the SDM SSL certificate. Telltale sign is the " unable to find valid certification path to requested target" message in the view.log against "FetchSDMIncidentAreasPlugin"
Access SDM Server URL and export the browser certificate as a DER encoded binary X.509 cert file. File "sdmcert.cer".
On the catalog server, locate the "cacerts" keystore file located in the Catalog install folder's embedded/jdk/lib/security directory and used the keytool utility to import the above sdmcert file into the "cacerts" keystore.
keytool -import -trustcacerts -keystore cacerts - storepass changeit -noprompt -alias sdmcert -file c:\sdmcert.cer
viewService.conf needs to be edited (Catalog install dir/view/conf and the following two lines were changed:
With the above changes, recycling Catalog no longer requires a "test connection" for SDM from Catalog. One can go right into Catalog and access SDM categories in the offering, correcting the issue.