Cannot open Jasper Server reports via "Launch Insights" button when SSL is enabled
search cancel

Cannot open Jasper Server reports via "Launch Insights" button when SSL is enabled

book

Article ID: 246940

calendar_today

Updated On:

Products

CA Service Desk Manager

Issue/Introduction

When trying to open a report (in JasperServer) using the "Launch Insights" button we get "AHD04405 : CA Service Desk System internal error" inside of std.log

The specific files are the same date and size and both the SDM service and the Tomcat JasperServer-pro service have been started.

 

Environment

Release : 17.x

Component : JASPERSOFT REPORTS FOR SERVICE MANAGEMENT

Cause

Incorrect Certificate using Java keystore instead of Private keystore 

Resolution

There is existing documentation on  How to configure SSL with Jasper but in some cases, please follow these additional steps below.

1. Create the SSO certificate on the CABI server so that SDM can setup the impersonation.

2. Register the SSO certificate with SDM so that it can create the impersonation users.

3. If using HTTPS interface for CABI, create SSL trust so SDM can create HTTPS connection to CABI.

Now the specifics of each step

1. Create the SSO certificate.  This needs to be done on the CABI server where jasperserver-pro is installed.  The process creates a java keystore (format depends on the version of java used, which depends on the CUM used to run the integration). The actual process is the same for creating the SSO certificate regardless of which CABI interface is used for the creation process and the Insight connect interface.

1.a If the creation process will be done using the HTTPS interface for CABI then the setup java instance needs to trust the CABI certificate chain, so the java instances cacerts store needs to have either the CABI server certificate or the root certificate in its cacerts keystore.  Note that depending on the version of java different keystore options need to be used.  For java 11.x use

keytool -importcert -cacerts -file {full path to base64 certificate}

1b run the CUM setup and select SDM Insight integration.

2. Register the SSO certificate with SDM

2a the documentation is correct and the created keystore and properties files need to be copied to each SDM application server and the SDM service restarted.

3. Update SDM to trust the CABI certificate chain. The SDM java uses a specific keystore not the java instances cacerts keystore.

3a. If the {NX_ROOT}\pdmconf\nx.keystore does not already exist (or is corrupt due to sync issue) then delete the file if it exists.

3b. Update or create the nx.keystore with "pdm_perl pdm_keystore_mgr.pl -import {full path to base64 certificate}

3c. The password for the nx.keystore is put in the NX.ENV file an so is synchronized across all SDM server BUT the actually nx.keystore file is not ans must be manually copied to all the other SDM server (overwriting the nx.keystore file if it is present on the servers already).

3d. The SDM service needs to be restarted once the nx.keystore file has been updated/replaced

4. Update the SDM insight.jasper.xxx parameters to point to the correct URL

4a login to the SDM web interface as a user with administrative role. Select Administration -> xFlow -> General tree item

4b Set filter to %jasper% and search

4c Updated

insight.jasper.domain => {FQDN for CABI server}:{https port}

insight.jasper.host => {FQDN for CABI server}

insight.jasper.protocol => HTTPS

Now any user with the correct privileges can select the Insight tab and Press "Launch Insight" to access the CABI interface

Additional Information

Problem creating Jasper Profile

Launch button for Insights (CABI JasperReports) not working on Service Desk

https://knowledge.broadcom.com/external/article?articleId=143274