Advanced Search
  2. Forum Index
  3. SysAid Integration
  4. Kerberos and SSO

Kerberos and SSO

Post Reply
 
Author
Message
MichaelZ
Elite SysAider
237
 
Kerberos and SSO
Nov. 05, 2012 03:34 PM
Hi,

has anybody manged to enable SSO with Kerberos yet?

/Michael
Awsh
SysAider
2
 
Kerberos and SSO
Nov. 14, 2012 12:00 PM
hello,
Im working on the same problem, followed the given instructions but SSO is not working ..

LDAP is working,
2008 R2 servers / Win7 clients / IE8

/Andreas
Cael
Super SysAider
62
 
Re:Kerberos and SSO
Nov. 21, 2012 05:18 AM
Hi MichaelZ, Awsh, did you guys follow instructions similar to these?

If so, it appears like the param names are all misspelt.

I noticed that the class names are all "spnego" - whereas the params in the instructions all read "spengo".
[https://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html - paragraph 4.2]

I am unsure as to whether the param names even matter, nor I have not contacted SysAid Support to confirm this, however, if you have followed those instructions word for word as well as upgraded SysAid to Version 9 and are running Tomcat 7, then I suggest trying at least to rename each param and see if this works.


I would like to know if this does resolve the issue, so please let me know what you think and how you go.

Cheers,
Cael
MichaelZ
Elite SysAider
237
 
Re:Kerberos and SSO
Nov. 21, 2012 11:11 AM
After renaming the variables the server won't start.

/Michael
MichaelZ
Elite SysAider
237
 
Re:Kerberos and SSO
Nov. 23, 2012 07:46 AM
I have had a nice session with SysAid support.

We tried several things but were unable to get Kerberos and SSO to work.

The things we discovered were that
- one file referred to from server.conf was missing -> 'logon.conf'.
- Our AD is based on 2003 servers and there may be some restrictions on which encryption methods can be used.

The errors related to the last issue were about AES encryption and downgrading to NTLM both displayed when you try to open the sysaid homepage.

This message was edited 1 time. Last update was at Nov. 23, 2012 07:48 AM
Awsh
SysAider
2
 
Re:Kerberos and SSO
Nov. 27, 2012 09:07 AM
Hello
Changing the Conf to spengo instead of spnego didnt make much difference for us.
we still just get the logon screen when accessing the website.

first we had problems with the site saying that we didnt have the right encryption configured this was solved by Checking "this account supports Kerberos AES 256bit encryption" on the service account in the Account tap in AD.
after this was done we got past the error and just got the normal logon screen. so no SSO working.

/Andreas
MichaelZ
Elite SysAider
237
 
Re:Kerberos and SSO
Dec. 16, 2012 04:51 PM
Any news on this?
WhiteTiger
SysAider
30
 
Kerberos and SSO
Jan. 22, 2013 10:46 PM
I am starting to work on this as well. I found the following login.conf file and saved it under ../tomcat/conf directory

https://spnego.sourceforge.net/login.conf

When I access the login page, all I get is a blank page without any other error. I probably contact support next to find out if anything we are missing.
Dan_CXX
SysAider
16
 
Re:Kerberos and SSO
Apr. 02, 2013 06:54 AM
Has this been flagged for a fix yet?

We have spent multiple days attempting to implement Kerberos SSO and have had to resort to manual username and password entry as Sysaid's implementation appears to be incomplete (to put it politely).

This message was edited 1 time. Last update was at Apr. 02, 2013 06:54 AM
Joseph Zargari
SysAid VP Customer Relations
604
 
Re:Kerberos and SSO
Jul. 09, 2013 09:08 PM
If anyone still wants to try that, please let me know. We believe to have found the problem we had with our instruction set and want to try this with customers over remote control session before releasing the corrected instructions.

Thanks,
Joseph
MichaelZ
Elite SysAider
237
 
Re:Kerberos and SSO
Jul. 10, 2013 06:13 AM
Hi,

would love to test this. This friday or mon-fri next week would be possible for me to ttest.

/Michael

This message was edited 1 time. Last update was at Jul. 10, 2013 06:13 AM
Joseph Zargari
SysAid VP Customer Relations
604
 
Re:Kerberos and SSO
Jul. 10, 2013 10:13 AM
Hi Michael,
I will ask your account manager to arrange the remote control session so we could test the configuration.

Thanks,
Joseph.
rmiiokte
SysAider
3
 
Re:Kerberos and SSO
Jul. 17, 2013 07:53 PM
I am using LDAP right now and it works for the most part....

I can log into the helpdesk as an administrator just fine but end users attempting to complete the survey or open a new incident are being asked to login.

I would like to know if Kerberos is working as I will try that setup.

We are running in windows 2003 functional mode.

Thank You.

Joseph Zargari
SysAid VP Customer Relations
604
 
Re:Kerberos and SSO
Jul. 21, 2013 05:59 PM
Hi rmiiokte,
SSO was configured with Kerberos on a few customer environments, but not enough to say it we got it figured out. Please contact your account manager and we'll try the setup with your environment as well.

Thanks,
Joseph.
Tomaso
SysAid Wiz
318
 
Re:Kerberos and SSO
Dec. 04, 2013 10:03 AM
Hi all,
here are my five cents

I've tried to config kerberos on our client test environment and it works fine, but when we have tried it on the production server it gives an error:

2013-12-04 10:21:05,755 [http-80-101] ERROR com.sysaid - SysAid Error Number#0 in account accvensia: Error while processing SysAid request.
javax.servlet.ServletException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)

We are currently working to check what is wrong, it is possible that some windows updates are missing so we are working on it.

I'll update you soon (or we'll call SysAid Support )

Bye!
Post Reply
 
  2. Forum Index
  3. SysAid Integration
  4. Kerberos and SSO