How to log in to Spectrum OneClick when Single Sign-On (SS0) - Embedded Entitlements Manager (EEM) authentication fails.
search cancel

How to log in to Spectrum OneClick when Single Sign-On (SS0) - Embedded Entitlements Manager (EEM) authentication fails.

book

Article ID: 51430

calendar_today

Updated On: 01-17-2020

Products

Spectrum

Issue/Introduction

How to log in to Spectrum OneClick when Single Sign-On (SS0) - Embedded Entitlements Manager (EEM) authentication fails.

You are unable to log in to OneClick and get error:

 "SPECTRUM OneClick - Authorization Failure, 
Authorization failed. Ensure the user name and password are valid." Error seen in stdout.log:
2010-05-14 15:45:56.595] EEMSSOContext::authenticateWithPassword - EEM Error Attaching to Backend...
[resource=/spectrum/][username=spectrum] [2010-05-14 15:46:23.815] EEMSSOContext::authenticateWithPassword - EEM Error  Attaching to Backend...  

Environment

Release: Any
Component: SPCOCK

Cause

Normally this kind of a deadlock situation happens when you are authenticating only against the EEM server and not locally on the SpectroSERVER. If the LDAP server becomes unavailable, you will not have the ability to log in to Spectrum and there will be no way to disable the Single Sign-On in the Spectrum Web Administration options.

Resolution

To set the authentication to bypass the EEM server, do the following:

  1. Log in to the EEM home page using the admin account.
  2. The EEM configuration must be changed:
    from Reference from an external directory to Store in CA's Management Database (CA-MDB).
  3. The user must exist in the Manage Identities area of EEM because Single Sign-On is still enabled in Spectrum Web Administration. If the user does not exist, then create a new user in EEM.
    Be sure the passwords between Spectrum and EEM users are the same.
  4. Restart the tomcat service on the OneClick server.
    Now you should be able to log in to OneClick without any issues.

There are two options here, either add additional users to EEM for the non-LDAP integration or disable Single Sign-On in Spectrum Web Administration.

Note: Removing or renaming the files in the $SPECROOT\custom\sso\config directory will not work.