Clarity PPM1

Expand all | Collapse all

Issue with Custom SSO Logout page in V14.2

Jump to Best Answer
  • 1.  Issue with Custom SSO Logout page in V14.2

    Posted 08-27-2015 05:51 AM

    Dear All,

     

    We are facing an issue while logging out of Clarity(SSO enabled). Logout action of user should land user on specific logout page, while this works well in V13 environment but with V14.2 logout action redirects user to some different link and results into an error.

     

    Below is the configuration in properties .xml for logout action and the logout & error html files are kept under webroot folder.

     

      <sso tokenName="LOGIN" tokenType="header" logoutURL="https://empoweruat.capgemini.com/niku/logout.htm" errorURL="https://empoweruat.capgemini.com/niku/error.html"/>

     

    The logout action redirects to below URL:

    https://empoweruat.capgemini.com/niku/nu#action:union.externalError&c3RhdHVz=NDAz

     

    If we modify the property file for logout URL to be google, it works well.

     

      <sso tokenName="LOGIN" tokenType="header" logoutURL="www.google.com" errorURL="https://empoweruat.capgemini.com/niku/error.html"/>


    Any idea on this ?


    Regards,

    Gaurav



  • 2.  Re: Issue with Custom SSO Logout page in V14.2
    Best Answer

    Posted 08-27-2015 01:37 PM

    Files in that location ($NIKU_HOME/webroot) are now protected from access via a Content Filter in order to prevent possible exploitation and those filenames are not ones that the Content Filter will recognise / allow (i.e. they are not permitted 'out of the box' files).

     

    The supported approach to correcting this would be to find another server/service that can host your SSO files, and then updating your CSA error/logout URLs to this other service location.



  • 3.  Re: Issue with Custom SSO Logout page in V14.2

    Posted 08-27-2015 01:54 PM

    In addition I have raised the following Idea in order to ask for a feature to be considered for implementation in a future version of Clarity, to provide a supported way in which you can maintain the Content Filter's list of allowances.  You may wish to provide your support/vote for this if I am right in thinking it would be of help for the deployment you wished to have (and worked in previous versions before the Content Filter was introduced): Make Content Filter a configurable list of files/folders



  • 4.  Re: Issue with Custom SSO Logout page in V14.2

    Posted 08-28-2015 01:29 AM

    Thanks Nick for quick reply, and for your suggestion.

    We will check feasibility on your suggestion.

     

    Thanks,

    Bhanu



  • 5.  Re: Issue with Custom SSO Logout page in V14.2

    Posted 08-28-2015 01:42 PM

    Hi,

     

    I have been facing the same issue today and have been playing around a bit to see if I could overcome this issue.

     

    I have three custom html-files I need to be able to show to users which are not authorized to log into Clarity.

     

    What I did to come around this is that I edited the "Clarity Content Filter" in the Web.xml file (you find it under /clarity/webroot/WEB-INF)

     

    I have added "auth_error.html", "logged_out.html" and "maintenance.html" to the <param-value> below:

     

      <filter id="Clarity Content Filter">
        <filter-name>Clarity Content Filter</filter-name>
        <filter-class>com.niku.union.web.filter.ClarityContentFilter</filter-class>
        <init-param>
          <param-name>allowedList</param-name>
          <param-value>DefaultPrint.css,FeaturePrint.css,pagebutton-center.png,Login.gif,ajax-impls.js,ajax.js,lookupManagement.js,DefaultScreen.css,DocMgrScreen.css,LinkActions.js,common.js,Theme.css,FeatureScreen.css,Feature.css,smallFont.css,spacer.gif,WdgError.gif,Spacer.gif,/timesheet,spacer.png,blue.gif,eMailLogo.gif,workspace.png,BOServerStatus.jsp,monitor.jsp,monitor_lite.jsp,common.png,/login,/logoff,min.js,min.css,shortcut.ico,favicon.ico,s.gif,_header.gif,cache.js,gantt.js,hook.js,/nu,/app,.cache.html,hosted.html,pie.htc,/odata*,/odata.v2*,/soap,/sched,/xog,/proxool*,/wsdl*,/test.html,blue.gif,spacer.png,eMailLogo.gif,auth_error.html,logged_out.html,maintenance.html,/</param-value>
        </init-param>
      </filter>
    
    

     

    Before editing the Web.xml I recommend creating a copy of the original file, just in case.

     

    After changing the Web.xml file, you need to stop and start the app-service.  If you have a cluster, make sure you do the same update on every server in the cluster.

     

    The custom html-files are placed under /clarity/webroot/-folder.

    Remember to give read/write access rights for the html-files to the service account running Clarity. 

     

    This is probably "not supported".   I haven't tested this much, so it would be nice to hear if anyone else have any experience with editing the content filter.

     

    Knut



  • 6.  Re: Issue with Custom SSO Logout page in V14.2

    Posted 08-31-2015 05:49 AM

    Thanks Knut,

     

    It works like charm !!   Would check with CA if this a "Supported" apporach.

     

     

    Regards,

    Gaurav



  • 7.  Re: Issue with Custom SSO Logout page in V14.2

    Posted 08-31-2015 05:53 AM

    Hi Gaurav,

     

    This is not a supported approach to modify the files, so please use the approach Nick suggested.

     

    Regards

    Suman Pramanik