CA Service Management

 View Only
  • 1.  17.2 USS integrated with EEM - switch off NTLM - logins no longer possible

    Posted Aug 29, 2019 04:33 AM
    Hi,
    we have an integrated environment with EEM - SDM/SLCM/USS/PAM/...
    Now customer wants to test without NTLM - communication between different domains.

    Switching off NTLM in all products is ok instead of USS.

    USS is integrated with EEM
    As long EEM's NTLM is switched on you can use USS beeing logged in automatically.
    Switching of EEM's NTLM login is no longer possible using other users than CASMAdmin (administrator)​
        Your request was not successfully completed.
        Authentication failed. Please try again.


    What you can see in liferay-log: (commented)

    --------------------------------------------------------------------
    login as CASMAdmin
    --------------------------------------------------------------------
    07:23:10,769 INFO  [EEMLogin:125] Found EEM Authentication enabled for lgln.niedersachsen.de
    07:23:10,771 INFO  [EEMLogin:125] Initializing safeContext...
    07:23:10,804 INFO  [EEMLogin:125] Safe Context initialized
    07:23:10,805 INFO  [EEMLogin:125] UserDefined Role is Business User
    07:23:10,805 INFO  [EEMLogin:125] Adding the user as an Admin
    07:23:10,810 INFO  [EEMLogin:125] No Role exists with the key {companyId=10154, name=OpenSpaceAdminGroup}
    07:23:10,836 INFO  [EEMLogin:125] User details is updated for the userid : 10196
    07:23:10,836 INFO  [EEMLogin:125] return Authenticator.SUCCESS
    07:23:13,078 INFO  [MultiTenantObjectPoolManager:125] Using a maxPoolSize of : 20 minPoolSize 2
    07:23:13,108 INFO  [Cache:125] Registering a new cache instance...
    07:23:13,811 WARN  [USDWebService:275] Failed to create URL for the wsdl Location: '', retrying as a local file
    07:23:13,811 WARN  [USDWebService:275] no protocol: 
    07:23:16,460 INFO  [EEMLogin:125] Found EEM Authentication enabled for lgln.niedersachsen.de
    07:23:16,462 INFO  [EEMLogin:125] Initializing safeContext...
    07:23:16,493 INFO  [EEMLogin:125] Safe Context initialized
    07:23:16,497 INFO  [EEMLogin:125] UserDefined Role is Business User
    07:23:16,498 INFO  [EEMLogin:125] Adding the user as an Admin
    07:23:16,499 INFO  [EEMLogin:125] No Role exists with the key {companyId=10154, name=OpenSpaceAdminGroup}
    07:23:16,511 INFO  [EEMLogin:125] User details is updated for the userid : 10196
    07:23:16,511 INFO  [EEMLogin:125] return Authenticator.SUCCESS
    07:23:18,190 INFO  [ClpSerializer:71] Unable to locate deployment context from portlet properties

    --------------------------------------------
    Login attempt as other user (Peter.Schmidt 11101)
    --------------------------------------------
    07:24:04,753 INFO  [EEMLogin:125] Found EEM Authentication enabled for lgln.niedersachsen.de
    07:24:04,755 INFO  [EEMLogin:125] Initializing safeContext...
    07:24:04,787 INFO  [EEMLogin:125] Safe Context initialized
    07:24:04,788 INFO  [EEMLogin:125] UserDefined Role is Business User
    07:24:04,801 INFO  [EEMLogin:125] User details is updated for the userid : 11101
    07:24:04,802 INFO  [EEMLogin:125] return Authenticator.SUCCESS
    ----------------------------------------------------------------------------------------------


    Does anybody have any idea?

    ------------------------------
    Senior Technical Consultant
    Fujitsu Services
    ------------------------------


  • 2.  RE: 17.2 USS integrated with EEM - switch off NTLM - logins no longer possible
    Best Answer

    Broadcom Employee
    Posted Sep 12, 2019 11:59 AM
    Hi Peter, 

    I have seen this issue in the past. Please try implementing the following document:

    https://ca-broadcom.wolkenservicedesk.com/external/article?legacyId=TEC1904296

    If the issue remains, try changing the value to bypass.liferay.screenname.validation from false to true and let us know the results.

    Regards, 
    Pablo


  • 3.  RE: 17.2 USS integrated with EEM - switch off NTLM - logins no longer possible

    Posted Sep 24, 2019 01:19 AM
    Hi Pablo,
    many thanks for your suggestion.
    Editing portal-ext.properties as described in TEC1904296 solved our problem.

    Thanks,
    Peter

    ------------------------------
    Senior Technical Consultant
    Fujitsu Services
    ------------------------------