How to Enable NTLM Authentication for CA SDM Tomcat Using WAFFLE
Article ID: 72484
SUPPORT AUTOMATION- SERVERCA Service Desk Manager - Unified Self ServiceCA Service Desk ManagerCA Service Management - Asset Portfolio ManagementCA Service Management - Service Desk Manager
Out of the box SDM does not support NTLM Authentication on Tomcat. We can enable this with a third party library called WAFFLE. While this is not officially supported, it is a known workaround.
Release: 12.x / 14.1 / 17.x
Download the latest version (As of writing 1.8.3) of the WAFFLE zip from https://github.com/dblock/waffle/releases
Extract the file to a temporary directory (ex: c:\UNZIPPED_DIRECTORY) on the SDM server
Copy the files waffle-jna-1.8.1.jar, guava-19.0.jar, jna-4.2.2.jar, jna-platform-4.2.2.jar and slf4j-1.7.21.jar from the zip directory in step #2 above to the '%NX_ROOT%\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib' directory on the SDM server
NOTE: %NX_ROOT% refers to the Installation directory of CA SDM. For example, the default location is 'C:\Program Files (x86)\CA\Service Desk Manager' on a Windows 64-bit OS.
NOTE: Copying commons-logging-1.1.1.jar is optional as it is already present in another Tomcat directory.
Backup the current '%NX_ROOT%\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\web.xml' file. Open the file with a text editor and add the following content to the bottom of the file:
NOTE: All of the following lines have to be placed BEFORE the </web-app> HTML tag
Stop and start the SDM Tomcat process by running the following commands:
pdm_tomcat_nxd -c stop Wait for 10 seconds pdm_tomcat_nxd -c start
Check off "External Authentication" for the contact's Access Type.
Assuming that the SDM Contact record has External Authentication type enabled and O/S authentication enabled, the SDM Tomcat engine should now let you authenticate users for that access type without prompting you for the SDM logon screen.
The procedure above is not yet formally certified, but is a known workaround.
If there are any problems starting the SDM Tomcat process, review the '%NX_ROOT%\log\pdm_tomcat.log' file.
Single Sign On relies on NTLM based Windows Authentication being enabled in your browser. This is a setting that is usually active automatically in Internet Explorer. For information on this setting as it applies to Chrome and Firefox, please see: