SPC-OCA-10486 - Can't login into CA Spectrum OneClick web page after CA EEM 12.51 integration
search cancel

SPC-OCA-10486 - Can't login into CA Spectrum OneClick web page after CA EEM 12.51 integration

book

Article ID: 7597

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

After upgrading to CA Spectrum 10.2.1 and enabling the CA EEM 12.51 integration, user is unable to login in OneClick web page, with it continuously cycling through asking for username and password.

Errors similar to the following can be found in the log file:

$SPECROOT/tomcat/logs/sdtout.log:

<MON> <DAY>, <YEAR> <HR>:<MIN>:<SEC> - SPC-OCA-10486: Error: CA Spectrum user model not found for user <domain>\<user>.

For example:

Jul 28, 2017 10:14:55.892 SPC-OCA-10486: Error: CA Spectrum user model not found for user ad.company.com\user1

The following errors can also be found in the CA EEM debug log:

[2017-07-28 10:14:55.877] [EEMSSOContext::authenticateWithPassword] EEM password authentication successful. [/spectrum/][<user>]

[2017-07-28 10:14:55.877] [EEMSSOContext::authenticateWithPassword] [/spectrum/][<user>][UserSession;Version-1.0;dd71c8d592f2115a37d1f7826a619a86-597b1913-cc82b00-4] returned.

[2017-07-28 10:14:55.877] [ExternalSSOAuth::authenticate] Successfully authenticated user/pass with SSO Server ["GET /spectrum/"]["0:0:0:0:0:0:0:1"]["<user>"][authenticated="true"][authorized="false"]

[2017-07-28 10:14:55.877] [ExternalSSOAuth::authenticate] usernameFromToken <domain>\<user>

[2017-07-28 10:14:55.892] [ExternalSSOAuth::authenticate] Could not authorize request for resource. ["GET /spectrum/"]["0:0:0:0:0:0:0:1"]["<domain>\<user>"][authenticated="true"][authorized="false"]

Environment

CA Spectrum 10.2.x, 10.1.x and CA EEM 12.51

Cause

Customer has configured the CA EEM for Multiple Microsoft Active Directory Domains, but has just one Active Directory.

The CA EEM is appending the domain in the account name, like: ad.company.com\user1, instead of only user1.

Resolution

Configure the CA EEM for Basic LDAP Directory.

Delete the setting for Multiple Microsoft Active Directory Domains and configure for Basic LDAP Directory.

Login will succeed.