03-12-2014 11:13 PM
I'm having a massive problem trying to get this to work, and any assistance would be greatly appreciated.
In my test instance, I have SM Server installed on one server, and the web client, src and windows client installed on another server. I'm using SM 9.32. I'm using Tomcat 7 and Apache 2.2
I've created certificates and have managed to get TSO working from the windows client correctly. I can't get it working in the web or SRC client. I'm more interested at the moment in getting it working in SRC. As the SRC and Client are on the same PC, I'm using the same certificates cacert and .keystore
I have done the following:
sm -loadBalancer -httpPort:13080 -sslConnector:0
sm -httpPort:13081 -JVMOption0:-Xms128m -JVMOption1:-Xmx256m -JVMOption2:-Xr -sslConnector:1 -httpsPort:13443 -ssl:1
In tomcat I've added:
<Connector port="8001" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" />
I'm using Apache in front of tomcat.
So I start up the SRC and in the logs it connects to SM and rebuilds the catalog perfectly.
I connect to the address: http://server/portal and my log file for tomcat is:
INFO [ajp-bio-8001-exec-1] (PreAuthenticationFilter.java:189) - SSO: user <myusername> was successfully pre-authenticated
It authenticates fine, because if I remove my user from the operator table, it fails here. SM.log shows that it's authenticated, but the website just says 'Page cannot be displayed'. If I don't run SSO and just normal authentication, the SRC loads up fine and I can login ok.
Anyone got any ideas why it would authenticate, but not show anything?
2 weeks ago
I did get it sorted. Some points to note below.
src.security.secureLogin=true needs to be set to false if you aren't accessing the SRC/Web client via https.
For the SRC servlets, I have them setup as:
sm -httpPort:13220 -debugnode -JVMOption0:-Xms128m -JVMOption1:-Xmx256m -JVMOption2:-Xr -sslConnector:1 -httpsPort:13221 -ssl:1 -ssl_reqClientAuth:2 -trustedsignon:1
And my sm.ini
#SSL Servlet parameters
Try those settings. Some may not be needed, as I'm running a vertical load balanced SM system, with web, thick clients and SRC.