When ServiceDesk is configured for pass through authentication either on IIS or tomcat, the reports tab fail with Report Linking Error

book

Article ID: 52802

calendar_today

Updated On:

Products

CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Description:

The reports tab fail with Report Linking Error when ServiceDesk is configured for Single Sign On in IIS or tomcat. This document explains the steps to resolve this problem.

Solution:

When integrated authentication is enabled in ServiceDesk either for Tomcat or IIS, the reports tab displays a Report Linking Error. See Fig 1

Fig 1

<Please see attached file for image>

Figure 1

If ServiceDesk is configured for Integrated authentication, for the CA Business Intelligence reports to work even CABI tomcat should be configured for Single Sign On.

Step 1: Configuring ServiceDesk Tomcat for Single Sign On

  1. Download the latest version of jcifs.jar file from http://jcifs.samba.org/

  2. Copy the file to $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory.

  3. Open the web.xml file present under $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\

  4. Locate the line <!-- Add filter here -->

  5. Add the following filter
     <!-- Add filter here -->     <filter>     <filter-name>NtlmHttpFilter</filter-name>     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>     <init-param>     <param-name>jcifs.http.domainController</param-name>     <param-value> DomainControllerName </param-value>     </init-param>     </filter>   
    Domain Controller Name is the host name of the LDAP server.

  6. Locate the line <!-- Add filter-mapping here -->

  7. Add the following filter mapping
     <filter-mapping>     <filter-name>NtlmHttpFilter</filter-name>     <url-pattern>/*</url-pattern>     </filter-mapping>  
  8. Restart tomcat server using the commands pdm_tomcat_nxd -c stop, pdm_tomcat_nxd -c start

Step 2: Configuring CA Business Intelligence for Single Sign On

  1. Download jcifs-1.2.25.jar from the site http://jcifs.samba.org/

  2. Place it under \CommonReporting\Tomcat\shared\lib folder.

  3. Open the web.xml file present under \CommonReporting\Tomcat\conf folder with a text editor.

  4. Add the following filter and filter mapping under the first tag <web-app>

    <filter> <filter-name>NtlmHttpFilter</filter-name> <filter-class>jcifs.http.NtlmHttpFilter</filter-class> <init-param> <param-name>jcifs.http.domainController</param-name>  <param-value> DomainControllerName </param-value> </init-param> </filter> <filter-mapping> <filter-name>NtlmHttpFilter</filter-name> <url-pattern>/*</url-pattern>  </filter-mapping>
  5. Save and close the file

Step 3: Setup Trusted Authentication in CA Business Intelligence

  1. Login to Central Management Console as Administrator.

  2. Click on Authentication, then go to Enterprise tab.

  3. Scroll down and check the option Trusted Authentication is enabled option. Enter a shared secret in the Shared secret field See Fig 2

    Fig 2

    <Please see attached file for image>

    Figure 2

  4. Click on Update to Save the changes.

  5. Navigate to the folder \CommonReporting\BusinessObjects Enterprise 11.5\win32_x86\plugins\auth\secEnterprise

  6. Create a new file called TrustedPrincipal.conf and in the file enter the Shared Secret as SharedSecret=xxxxx (Where xxxx is the shared secret entered in the CMC)

  7. Save and close the file.

  8. Open the web.xml file present under \CommonReporting\Tomcat\webapps\businessobjects\enterprise115\desktoplaunch\WEB-INF with a text editor

  9. Make the following changes

    <param-name> Default value New value
    cms.default Hostname:port of your CMS Hostname:port of your CMS
    siteminder.enabled true false
    sso.enabled false true
    trusted.auth.user.retrieval (blank) REMOTE_USER (see below)
    trusted.auth.user.param (blank) (blank)
    trusted.auth.shared.secret (blank) (blank)


    The parameter trusted.auth.user.retrieval should look like the following:
    <context-param>    <param-name>trusted.auth.user.retrieval</param-name>    <param-value>REMOTE_USER</param-value>  </context-param>
  10. Save and close the file.

  11. Restart Tomcat Server for CABI from Central Configuration Manager. See Fig 3

    Fig 3

    <Please see attached file for image>

    Figure 3

  12. Login to ServiceDesk as Administrator and go to Administration->Options Manager->Web Report

  13. Change the option for bo_server_auth from secEnterprise to secExternal. See Fig 4

    Fig 4

    <Please see attached file for image>

    Figure 4

  14. Restart CA ServiceDesk Services.

Environment

Release:
Component: ARGIS

Attachments

1558721133072000052802_sktwi1f5rjvs16vx7.gif get_app
1558721131109000052802_sktwi1f5rjvs16vx6.gif get_app
1558721129099000052802_sktwi1f5rjvs16vx5.gif get_app
1558721127193000052802_sktwi1f5rjvs16vx4.gif get_app