42 Replies Latest reply: May 10, 2012 4:03 PM by John Bautista RSS

BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp

Phillip Putzback
Currently Being Moderated

Everything in the "Configuring Vintela SSO in distributed Environments =- Complete Guide" went relatively smoothly until I had to edit the web.xml. The first problem was that the guide didn't tell me where to find the web.xml. Luckily at http://geek2live.net/page/4/ Step 15 I found a path. Then once I uncommented the authfilter section I got the 404 error.

 

What can I post here to help troubleshoot this issue?

 

Thanks,

Phil

  • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
    Arjun Venkateswarlu
    Currently Being Moderated

    Hi Pap,

     

    We had the same issue in BOBJ 3.1 SP 3.6.

     

    In Authfilter for "IDM.PRINC" instead of using "BOSSO/<SERVICENAME> just use the service name.

     

    Thanks,

    Sravanthi.

    • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
      Phillip Putzback
      Currently Being Moderated

      I wasnt to verify a couple other settings. Loction and the idm.keytab parameter.

      Here are the two locations for the web.xml file I have been keeping in synch:

      Program Files (x86)\Business Objects\BusinessObjects Enterprise 12.0\warfiles\WebApps\InfoViewApp\WEB-INF\web.xml

      and

      Program Files (x86)\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF

       

      Also do I need to enable the idm.keytab. Right now I have it commented out,

       

      <init-param>

              <param-name>idm.keytab</param-name>

              <param-value>C:\WINNT\HostMachineName-svc_BOECMS_TST.keytab</param-value>

      </init-param>

       

      Thanks,

      Phil

       

      Edited by: PAPutzback on Dec 29, 2011 3:27 PM

      • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
        Phillip Putzback
        Currently Being Moderated

        I still have the keytab commented out but the change to the idm.principal has caused this error tot repalce the 404 error:

        HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78

         

        -


         

        • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
          Arjun Venkateswarlu
          Currently Being Moderated

          Hi,

           

          Can you please paste your web.xml which is in Tomcat ?

           

          Thanks,

          Sravanthi

          • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
            Phillip Putzback
            Currently Being Moderated

            <context-param>

                    <param-name>cms.default</param-name>

                    <param-value>ETBO1:6400</param-value>

                </context-param>

             

                <context-param>

                    <param-name>cms.visible</param-name>

                    <param-value>true</param-value>

                </context-param>

            <context-param>

                    <param-name>authentication.default</param-name>

                    <param-value>secwinAD</param-value>

                </context-param>

             

                <context-param>

                    <param-name>authentication.visible</param-name>

                    <param-value>true</param-value>

                </context-param>

             

                <context-param>

                    <param-name>siteminder.enabled</param-name>

                    <param-value>false</param-value>

                </context-param>

             

            <context-param>

                    <param-name>siteminder.authentication</param-name>

                    <param-value>secWinAD</param-value>

                </context-param>

            <context-param>

                    <param-name>vintela.enabled</param-name>

                    <param-value>true</param-value>

                </context-param>

             

             

                <context-param>

                    <param-name>sso.enabled</param-name>

                    <param-value>true</param-value>

                </context-param>

             

                <context-param>

                    <param-name>sso.sap.primary</param-name>

                    <param-value>true</param-value>

                </context-param>

             

                <context-param>

                    <param-name>logontoken.enabled</param-name>

                    <param-value>true</param-value>

                </context-param>

             

                <context-param>

                    <param-name>persistentcookies.enabled</param-name>

                    <param-value>true</param-value>

                </context-param>

            <context-param>

                    <param-name>trusted.auth.user.retrieval</param-name>

                    <param-value>USER_PRINCIPAL</param-value>

                </context-param>

             

                <context-param>

                    <param-name>trusted.auth.user.param</param-name>

                    <param-value></param-value>

                </context-param>

             

                 <context-param>

                    <param-name>trusted.auth.shared.secret</param-name>

                    <param-value></param-value>

                </context-param>

             

                <context-param>

                    <param-name>config.logon.service.context</param-name>

                    <param-value></param-value>

                </context-param>

             

                <context-param>

                    <param-name>config.logon.service.url</param-name>

                    <param-value></param-value>

                </context-param>

            <context-param>

                    <param-name>SMTPFrom</param-name>

                    <param-value>true</param-value>

                </context-param>

             

                <context-param>

                    <param-name>url.error</param-name>

                    <param-value>/jsp/common/error.jsp</param-value>

                </context-param>

             

                <context-param>

                    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>

                    <param-value>com.businessobjects.infoview.ApplicationResources</param-value>

                </context-param>

             

                <context-param>

                    <param-name>distributable</param-name>

                    <param-value>true</param-value>

                </context-param>

             

                  <context-param>

                    <param-name>path.rightFrame</param-name>

                    <param-value>1</param-value>

                </context-param>

                <filter>

                    <filter-name>EncodingFilter</filter-name>

                    <filter-class>com.businessobjects.webutil.encoding.EncodingFilter</filter-class>

                </filter>

             

                <filter>

                    <filter-name>ApplicationServiceCacheControlFilter</filter-name>

                    <filter-class>com.businessobjects.webutil.caching.ApplicationServiceCacheControlFilter</filter-class>

                </filter>

             

                <filter>

                    <filter-name>CacheControlFilter</filter-name>

                    <filter-class>com.businessobjects.webutil.caching.CacheControlFilter</filter-class>

                </filter>

             

                <filter>

                    <filter-name>authFilter</filter-name>

                    <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

             

                    <init-param>

                        <param-name>idm.realm</param-name>

                        <param-value>CAL.COMMUNITY.COM</param-value>

                    </init-param>

             

                    <init-param>

                        <param-name>idm.princ</param-name>

                        <param-value>svc_BOECMS_TST</param-value>

                    </init-param>

             

            <!--

                  <init-param>

                    <param-name>idm.keytab</param-name>

                    <param-value>C:\WINNT\HostMachineName-svc_BOECMS_TST.keytab</param-value>

                  </init-param>

            -->

            <init-param>

              <param-name>idm.allowUnsecured</param-name>

              <param-value>true</param-value>

            </init-param>

             

            <init-param>

              <param-name>idm.allowNTLM</param-name>

              <param-value>false</param-value>

            </init-param>

             

            <init-param>

              <param-name>idm.logger.name</param-name>

              <param-value>simple</param-value>

              <description>

                The unique name for this logger.

              </description>

            </init-param>

          • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
            Phillip Putzback
            Currently Being Moderated

            <init-param>

              <param-name>idm.logger.props</param-name>

              <param-value>error-log.properties</param-value>

              <description>

                Configures logging from the specified file.

              </description>

            </init-param>

             

            <init-param>

              <param-name>error.page</param-name>

              <param-value>../logonNoSso.jsp</param-value>

              <description>

                The URL of the page to show if an error occurs during authentication.

              </description>

            </init-param>

            </filter>

             

             

             

            <filter-mapping>

              <filter-name>EncodingFilter</filter-name>

              <url-pattern>*.jsp</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>EncodingFilter</filter-name>

              <url-pattern>*.faces</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>ApplicationServiceCacheControlFilter</filter-name>

              <url-pattern>/common/appService.do</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>CacheControlFilter</filter-name>

              <url-pattern>*.gif</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>CacheControlFilter</filter-name>

              <url-pattern>*.css</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>CacheControlFilter</filter-name>

              <url-pattern>*.js</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>CacheControlFilter</filter-name>

              <url-pattern>*.html</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>CacheControlFilter</filter-name>

              <url-pattern>/ure/ure/cache/images/*</url-pattern>

            </filter-mapping>

             

            <filter-mapping>

              <filter-name>authFilter</filter-name>

              <url-pattern>/logon/logonService.do</url-pattern>

            </filter-mapping>

             

            <listener>

              <listener-class>com.businessobjects.sdk.ceutils.SessionCleanupListener</listener-class>

            </listener>

             

            <listener>

              <listener-class>com.sun.faces.config.ConfigureListener</listener-class>

            </listener>

             

             

            <servlet>

              <servlet-name>action</servlet-name>

              <servlet-class>com.crystaldecisions.webapp.struts.framework.CrystalUTF8InputActionServlet</servlet-class>

             

              <init-param>

                <param-name>application</param-name>

                <param-value>com.businessobjects.infoview.ApplicationResources</param-value>

              </init-param>

              <init-param>

                <param-name>config</param-name>

                <param-value>/WEB-INF/struts-config.xml</param-value>

              </init-param>

              <init-param>

                <param-name>debug</param-name>

                <param-value>0</param-value>

              </init-param>

              <init-param>

                <param-name>content</param-name>

                <param-value>text/html;charset=utf-8</param-value>

              </init-param>

              <init-param>

                <param-name>detail</param-name>

                <param-value>0</param-value>

              </init-param>

              <init-param>

                <param-name>validate</param-name>

                <param-value>true</param-value>

              </init-param>

              <init-param>

                <param-name>nocache</param-name>

                <param-value>true</param-value>

              </init-param>

              <load-on-startup>3</load-on-startup>

            </servlet>

             

            <servlet>

              <servlet-name>AppServiceServlet</servlet-name>

              <servlet-class>com.crystaldecisions.webapp.struts.framework.CrystalUTF8InputActionServlet</servlet-class>

             

              <init-param>

                <param-name>application</param-name>

                <param-value>com.businessobjects.infoview.ApplicationResources</param-value>

              </init-param>

              <init-param>

                <param-name>config</param-name>

                <param-value>/WEB-INF/struts-config.xml</param-value>

              </init-param>

              <init-param>

                <param-name>debug</param-name>

                <param-value>0</param-value>

              </init-param>

              <init-param>

                <param-name>content</param-name>

                <param-value>text/html;charset=utf-8</param-value>

              </init-param>

              <init-param>

                <param-name>detail</param-name>

                <param-value>0</param-value>

              </init-param>

              <init-param>

                <param-name>validate</param-name>

                <param-value>true</param-value>

              </init-param>

              <load-on-startup>3</load-on-startup>

            </servlet>

             

            <servlet>

              <servlet-name>Faces Servlet</servlet-name>

              <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>

              <load-on-startup>1</load-on-startup>

            </servlet>

             

            <servlet>

              <servlet-name>Not Found Servlet</servlet-name>

              <servlet-class>com.businessobjects.webutil.ForwardServlet</servlet-class>

              <init-param>

                <param-name>url</param-name>

                <param-value>/httperror_404.htm</param-value>

              </init-param>

              <load-on-startup>4</load-on-startup>

            </servlet>

             

            <servlet-mapping>

              <servlet-name>Faces Servlet</servlet-name>

              <url-pattern>*.faces</url-pattern>

            </servlet-mapping>

             

             

            <servlet-mapping>

              <servlet-name>action</servlet-name>

              <url-pattern>*.do</url-pattern>

            </servlet-mapping>

            • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
              Arjun Venkateswarlu
              Currently Being Moderated

              Please make  changes as below and try again

               

              <param-name>cms.visible</param-name>

              <param-value>true</param-value>

              </context-param>

               

              set to FALSE

               

              <context-param>

              <param-name>sso.sap.primary</param-name>

              <param-value>true</param-value>

              </context-param>

               

              set to FALSE

               

              In server.xml in Tomcat55/Conf folder change as below

               

              <Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="32768" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443" />

               

              Thanks,

              Sravanthi

              • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                Phillip Putzback
                Currently Being Moderated

                I am still getting this error:

                HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78

                 

                -


                 

                type Status report

                 

                message com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78

                 

                description The server encountered an internal error (com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: com.dstc.security.util.asn1.Asn1Exception: Bad tag encountered: 78) that prevented it from fulfilling this request.

                • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                  Arjun Venkateswarlu
                  Currently Being Moderated

                  Can you please make sure, you have increased MaxHttpHeaderSize in NON-SSL.

                   

                  After increasing maxHttpHeaderSize for non-SSL

                  MaxHttpHeaderSize - 32768

                  • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                    Phillip Putzback
                    Currently Being Moderated

                    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->

                        <Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="32768" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="8443"/>

                        <!-- Note : To disable connection timeouts, set connectionTimeout value

                         to 0 -->

                     

                    And that is here:
                    ETBO1\Program Files (x86)\Business Objects\Tomcat55\conf\server.xml

                    • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                      Arjun Venkateswarlu
                      Currently Being Moderated

                      If you don't mind, let's replace the original web.xml and server.xml file and try modifying again. Let's change the authentication part first without modifying Authfilter.

                       

                      Please change the authentication part as below and make sure you get InfoViewApp page and let us know.

                       

                      <context-param>

                              <param-name>cms.default</param-name>

                              <param-value>ETBO1:6400</param-value>

                          </context-param>

                       

                          <!-- Choose whether to let the user change the CMS name -->

                          <!-- If it isn't shown the default System from above will be used -->

                          <context-param>

                              <param-name>cms.visible</param-name>

                              <param-value>false</param-value>

                          </context-param>

                       

                          <!-- You can specify the default Authentication types here -->

                          <!-- secEnterprise, secLDAP, secWinAD, secSAPR3 -->

                          <context-param>

                              <param-name>authentication.default</param-name>

                              <param-value>secWinAD</param-value>

                          </context-param>

                       

                          <!-- Choose whether to let the user change the authentication type -->

                          <!-- If it isn't shown the default authentication type from above will be used -->

                          <context-param>

                              <param-name>authentication.visible</param-name>

                              <param-value>true</param-value>

                          </context-param>

                       

                          <!-- The default home page -->

                          <context-param>

                              <param-name>homepage.default</param-name>

                              <param-value>/jsp/listing/home.jsp</param-value>

                          </context-param>

                       

                          <!-- If the locale preference is disabled (only english languages will be used/allowed) -->

                          <context-param>

                              <param-name>disable.locale.preference</param-name>

                              <param-value>false</param-value>

                          </context-param>

                       

                          <!-- Set to false to disable Siteminder single sign on. -->

                          <context-param>

                              <param-name>siteminder.enabled</param-name>

                              <param-value>false</param-value>

                          </context-param>

                       

                          <!-- You can specify the siteminder Authentication type here -->

                          <!-- secLDAP, secWinAD -->

                          <context-param>

                              <param-name>siteminder.authentication</param-name>

                              <param-value>secLDAP</param-value>

                          </context-param>

                       

                          <!-- Set to true to enable Vintela single sign on. -->

                          <context-param>

                              <param-name>vintela.enabled</param-name>

                              <param-value>true</param-value>

                          </context-param>

                       

                          <!-- Set to true to enable other single sign on. -->

                          <context-param>

                              <param-name>sso.enabled</param-name>

                              <param-value>false</param-value>

                          </context-param>

                       

                          <!-- Set to true to use SAP SSO as the application's primary SSO mechanism -->

                          <context-param>

                              <param-name>sso.sap.primary</param-name>

                              <param-value>false</param-value>

                          </context-param>

                       

                          <!-- Set to false to disable logon with token. -->

                          <context-param>

                              <param-name>logontoken.enabled</param-name>

                              <param-value>true</param-value>

                          </context-param>

                      • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                        Phillip Putzback
                        Currently Being Moderated

                        I made the change. The only one I think that did not match was

                         

                          <!-- You can specify the siteminder Authentication type here -->

                            <!-- secLDAP, secWinAD -->

                            <context-param>

                                <param-name>siteminder.authentication</param-name>

                                <param-value>secLDAP</param-value>

                            </context-param>

                         

                         

                        Mine was originally secWinAD

                         

                        I can manually log in to InfoView with my AD info but not with the service account info.

                        • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                          Arjun Venkateswarlu
                          Currently Being Moderated

                          Thats good, Since we didn't change the AuthFIlter yet, this is known.

                           

                          Please change the Authfilter as below

                           

                          <filter>

                                  <filter-name>authFilter</filter-name>

                                  <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

                           

                                  <init-param>

                                      <param-name>idm.realm</param-name>

                                      <param-value>DOMAIN.DOMIAN</param-value>

                                  </init-param>

                           

                                  <init-param>

                                      <param-name>idm.princ</param-name>

                                      <param-value>SERVICEBO</param-value>

                                  </init-param>

                           

                               <init-param>

                                     <param-name>idm.keytab</param-name>

                                     <param-value>C:\winnt\bofinale.keytab</param-value>

                                  </init-param>

                           

                           

                                  <init-param>

                                      <param-name>idm.allowUnsecured</param-name>

                                      <param-value>true</param-value>

                                  </init-param>

                           

                                  <init-param>

                                      <param-name>idm.allowNTLM</param-name>

                                      <param-value>false</param-value>

                                  </init-param>

                           

                                  <init-param>

                                      <param-name>idm.logger.name</param-name>

                                      <param-value>simple</param-value>

                                      <description>

                                          The unique name for this logger.

                                      </description>

                                  </init-param>

                           

                                  <init-param>

                                      <param-name>idm.logger.props</param-name>

                                      <param-value>error-log.properties</param-value>

                                      <description>

                                          Configures logging from the specified file.

                                      </description>

                                  </init-param>

                           

                                  <init-param>

                                      <param-name>error.page</param-name>

                                      <param-value>../logonNoSso.jsp</param-value>

                                      <description>

                                          The URL of the page to show if an error occurs during authentication.

                                      </description>

                                  </init-param>

                              </filter>

                          • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                            Phillip Putzback
                            Currently Being Moderated

                            After I make this change I get the 404 error.

                             

                            HTTP Status 404 - /InfoViewApp/logon.jsp

                             

                            -


                             

                            type Status report

                             

                            message /InfoViewApp/logon.jsp

                             

                            description The requested resource (/InfoViewApp/logon.jsp) is not available.

                            • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                              Arjun Venkateswarlu
                              Currently Being Moderated

                              OK, In your BOBJ server type below command and pleas paste the log

                               

                              setspn -L <SERVICENAME>

                               

                              below is mine, please compare it with yours

                               

                              C:\Users\boadm>setspn -L SERVICEBO

                              Registered ServicePrincipalNames for CN=SERVICEBO,OU=USERS,OU=SAP,OU=SITES,DC=DOMAIN,DC=local:

                                      HTTP/10.1.47.71

                                      HTTP/SAPBO01.DOMAIN.LOCAL

                                      HTTP/SAPBO01

                                      BOSSO/SERVICEBO.DOMAIN.LOCAL

                               

                              You can register the setspn as below :-

                               

                              example

                               

                              setspn -A HTTP/SAPBO01.LEPRINO.LOCAL  SERVICEBO

                              • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                Phillip Putzback
                                Currently Being Moderated

                                C:\Users\BOECMS_TST>setspn -l BOECMS_TST

                                Registered ServicePrincipalNames for CN=BOECMS_TST,OU=Service Accounts - BV,

                                OU=Servers,DC=cal,DC=community,DC=com:

                                        http/10.246.32.103

                                        http/10.246.32.102

                                        http/etbo1

                                        http/etbo2.cal.community.com

                                        http/etbo2

                                        http/etbo1.cal.community.com

                                        ETBO1/BOECMS_TST.cal.community.com

                                        ETBO2/BOECMS_TST.cal.community.com

                                 

                                And I am still getting the 404 error.

                                 

                                And I have this error in the tomcat.log

                                Exception starting filter authFilter

                                com.wedgetail.idm.sso.ConfigException: No keytab entries for BOECMS_TST_AT_CAL.COMMUNITY.COM in keytab

                                • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                  Phillip Putzback
                                  Currently Being Moderated

                                  Running kinit gives me this:

                                  C:\Program Files (x86)\Business Objects\javasdk\bin>kinit BOECMS_TST

                                  Password for BOECMS_TST AT CAL.COMMUNITY.COM:password

                                  Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no s

                                  upport for encryption type

                                  KrbException: KDC has no support for encryption type (14)

                                          at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)

                                          at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)

                                          at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:444)

                                          at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:310)

                                          at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:259)

                                          at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)

                                  Caused by: KrbException: Identifier doesn't match expected value (906)

                                          at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)

                                          at sun.security.krb5.internal.ASRep.init(ASRep.java:58)

                                          at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)

                                          at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)

                                          ... 5 more

                                  • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                    Arjun Venkateswarlu
                                    Currently Being Moderated

                                    1). You can try deleting all 02 ETB02 entries from ETB01 setspn

                                     

                                    example :- setspn -D http://http/etbo2.cal.community.com BOECMS_TST

                                     

                                    Also in Web.xml file in the place of IDM.PRIC use BOECMS_TST (Account Name)

                                     

                                    please use the below command to create the key

                                     

                                    ktpass -out bofinale.keytab -princ BOECMS_TSTATDOMAIN.LOCAL -password <password> -kvno 255-ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

                                     

                                    AT -- @ (forums not allowing me to type @ as it thinks as email address)

                                    • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                      Phillip Putzback
                                      Currently Being Moderated

                                      I got the new key tab and made the change in web.xml

                                       

                                      <init-param>

                                              <param-name>idm.keytab</param-name>

                                              <param-value>C:\WINNT\bosso.keytab</param-value>

                                            </init-param>

                                       

                                      This is the error in TomCat

                                      [localhost].[/InfoViewApp] Thread [Thread-1];  Exception starting filter authFilter

                                      com.wedgetail.idm.sso.ConfigException: No keytab entries for BOECMS_TST_AT_CAL.COMMUNITY.COM in keytab: Version: 5.2

                                      File: C:\WINNT\bosso.keytab, modified Thu Dec 29 16:09:57 EST 2011, loaded Thu Dec 29 16:33:35 EST 2011

                                       

                                      I am also still getting the 404 error in the internet explorer when trying to connect to infoview.

                                      • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                        Arjun Venkateswarlu
                                        Currently Being Moderated

                                        Let's get the InfoPage working and we will work on keytab.

                                         

                                        Did you tried  deleting all 02 ETB02 entries from ETB01 setspn

                                         

                                        example :- setspn -D http://etbo2.cal.community.com BOECMS_TST

                                         

                                        comment the idm.keytab and please provide password in Tomcat configuration.

                                         

                                        Also please paste setspn -L BOECMS_TST after deleting the ETB02 from ETB01 system.

                                        • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                          Phillip Putzback
                                          Currently Being Moderated

                                          SETSPN -!

                                           

                                          C:\Users\PAPutzba>setspn -l BOECMS_TST

                                          Registered ServicePrincipalNames for CN=BOECMS_TST,OU=Service Accounts - BV,

                                          OU=Servers,DC=cal,DC=community,DC=com:

                                                  http/10.246.32.102

                                                  http/etbo1

                                                  http/etbo1.cal.community.com

                                                  ETBO1/BOECMS_TST.cal.community.com

                                           

                                          I can manually log in to info view now.

                                           

                                          FYI. I am logged into the machine via rdp with my username, not the service account. I also can manually log in to infoview with my username but not the BOECMS_TST service account. Is there something there we need to change?

                                          • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                            Arjun Venkateswarlu
                                            Currently Being Moderated

                                            Great ! it means we got the InfoViewPage working.

                                             

                                            You can login manually because, we have commented the keytab in web.xml

                                             

                                            Now, let's uncomment the keytab in web.xml and try to login with the keytab file which got generated by the command I gave you.

                                             

                                            Make sure NON-SSL in server.xml has the value mentioned before.

                                             

                                            if you still have FWN-006 error, then something wrong in keytab file. Please paste the complete command and output.

                                             

                                            points are appreciated.

                                            • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                              Phillip Putzback
                                              Currently Being Moderated

                                              I commented out the file and now I get the 404 error in internet explorer.

                                               

                                               

                                              This is from the tomcat log:

                                              29-12-11 17:29:10:785 - [localhost].[/InfoViewApp] Thread [Thread-1];  Exception starting filter authFilter

                                              com.wedgetail.idm.sso.ConfigException: No keytab entries for BOECMS_TST_AT_CAL.COMMUNITY.COM in keytab: Version: 5.2

                                              File: C:\WINNT\bosso.keytab,

                                               

                                              I amde a copy of the keytab file and opened it in notepad and the only text I can read is CAL.COMMUNITY  svc_BOECMS_TST and the rest of the text is not alpha-numeric

                                              • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                                Arjun Venkateswarlu
                                                Currently Being Moderated

                                                Looks like something wrong with your service account and keytab.

                                                 

                                                Check the properties of service account BOECMS_TST in AD server.

                                                 

                                                check in the document for properties of AD user - Configuring Vintela SSO in Distributed Environments - Complete.pdf. Note 1261835 - Configuring java SSO (aka vintela, kerberos) in Distributed Environments - XI 3.1 **Best Practices*

                                                 

                                                Check this note also - 1262301 - Infoview returns an error 404 or 'Didn't find name at offset' when Tomcat is configured with SSO Vintela and AD Kerberos.

                                                • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                                  Amit Kumar
                                                  Currently Being Moderated

                                                  Hi,

                                                   

                                                  Check the properties of the service account,option "Trust this user for delegation" should be checked.

                                                  Second Stop tomcat and rename the InfoViewApp folder under the tomcat and restart the tomcat.After that automatically new infoviewapp folder will create.then change  in the web.xml file.

                                                   

                                                  Stop the tomcat andthen SIA under the CCM.Then first start SIA and Then tomcat.

                                                   

                                                  May be this helps you..WE got the same error message  while enabling SSO.Our issue with option "Trust this user for delegation" was not checked.

                                                   

                                                   

                                                  Hope  this helps you..

                                                  Thanks,

                                                  Amit

                                                  • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                                    Phillip Putzback
                                                    Currently Being Moderated
                                                    Amit Kumar Rathi wrote:

                                                     

                                                    Hi,

                                                    >

                                                    > Check the properties of the service account,option "Trust this user for delegation" should be checked.

                                                    > Second Stop tomcat and rename the InfoViewApp folder under the tomcat and restart the tomcat.After that automatically new infoviewapp folder will create.then change  in the web.xml file.

                                                    >

                                                    > Stop the tomcat andthen SIA under the CCM.Then first start SIA and Then tomcat.

                                                    >

                                                    > May be this helps you..WE got the same error message  while enabling SSO.Our issue with option "Trust this user for delegation" was not checked.

                                                    >

                                                    >

                                                    > Hope  this helps you..

                                                    > Thanks,

                                                    > Amit

                                                     

                                                    Delgation Tab. Option (Trust this user for delegation to any service (Kerberos only) ) is selected

                                                    Account Tab:

                                                    • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                                                      Phillip Putzback
                                                      Currently Being Moderated

                                                      We got this error "KTPASS failed getting target domain for specified user" when trying to recrete the keytab using the syntax

                                                      ktpass -out bosso.keytab -princ HTTP/ETBO1@ at CAL.ECommunity.COM -mapuser BOECMS_TST -pass password1 -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

                                                       

                                                      So we are going to try

                                                      ktpass -out bosso.keytab -princ HTTP/ETBO1 at CAL.ECommunity.COM -mapuser CHE\BOECMS_TST -pass password1 -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

                                                       

                                                      and  then

                                                      ktpass -out bosso.keytab -princ HTTP/ETBO1 at CAL.ECommunity.COM -mapuser BOECMS_TST at CAL.COMMUNITY.COM -pass password1 -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

            • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
              Phillip Putzback
              Currently Being Moderated

              It appears the forums strips out the tags if I post to much in one post. Here is the last bit of the file.:

               

              <servlet-mapping>

                <servlet-name>action</servlet-name>

                <url-pattern>*.object</url-pattern>

              </servlet-mapping>

               

              <servlet-mapping>

                <servlet-name>AppServiceServlet</servlet-name>

                <url-pattern>/common/appService.do</url-pattern>

              </servlet-mapping>

               

              <servlet-mapping>

                <servlet-name>Not Found Servlet</servlet-name>

                <url-pattern>/ProductId.txt</url-pattern>

              </servlet-mapping>

               

              <session-config>

                <session-timeout>20</session-timeout>

              </session-config>

               

               

              <error-page>

                <error-code>404</error-code>

                <location>/httperror_404.htm</location>

              </error-page>

               

              <error-page>

                <error-code>500</error-code>

                <location>/httperror_500.jsp</location>

              </error-page>

               

              <taglib>

                <taglib-uri>/WEB-INF/c.tld</taglib-uri>

                <taglib-location>/WEB-INF/c.tld</taglib-location>

              </taglib>

               

              <taglib>

                <taglib-uri>/WEB-INF/fmt.tld</taglib-uri>

                <taglib-location>/WEB-INF/fmt.tld</taglib-location>

              </taglib>

               

               

              <taglib>

                <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>

                <taglib-location>/WEB-INF/struts-html.tld</taglib-location>

              </taglib>

              • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                Phillip Putzback
                Currently Being Moderated

                The following is from my TomCat Properties.

                -Djava.library.path=C:/Windows/SysWOW64/;C:/Program Files (x86)/Business Objects/BusinessObjects Enterprise 12.0/win32_x86/

                -Dcatalina.base=C:/Program Files (x86)/Business Objects/Tomcat55/

                -Dcatalina.home=C:/Program Files (x86)/Business Objects/Tomcat55/

                -Djava.endorsed.dirs=C:/Program Files (x86)/Business Objects/Tomcat55/common/endorsed/

                -Dbobj.enterprise.home=C:/Program Files (x86)/Business Objects/BusinessObjects Enterprise 12.0/

                -Dbusinessobjects.olap.stylesheets=C:/Program Files (x86)/Business Objects/OLAP Intelligence 12.0/stylesheets/

                -Djava.library.path=C:\Windows\SysWOW64\;C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\

                -Dcatalina.base=C:\Program Files (x86)\Business Objects\Tomcat55\

                -Dcatalina.home=C:\Program Files (x86)\Business Objects\Tomcat55\

                -Djava.endorsed.dirs=C:\Program Files (x86)\Business Objects\Tomcat55\common\endorsed\

                -Dbobj.enterprise.home=C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 12.0\

                -Xrs

                -XX:MaxPermSize=256M

                -Dbusinessobjects.olap.bin=

                -Dbusinessobjects.olap.stylesheets=C:\Program Files (x86)\Business Objects\OLAP Intelligence 12.0\stylesheets\

                -Djava.awt.headless=true

                -Djava.security.auth.login.config=C:\WINNT\bscLogin.conf

                -Djava.security.krb5.conf=C:\WINNT\Krb5.ini

                -Dcom.wedgetail.idm.sso.password=password1

                -Djcsi.kerberos.maxpacketsize=0

                -Djcsi.kerberos.debug=true

                • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
                  Arjun Venkateswarlu
                  Currently Being Moderated

                  Your Tomcat config looks good.

                   

                  Please make changes as said above and here is my XML

                   

                  <context-param>

                          <param-name>cms.default</param-name>

                          <param-value>HOSTNAME:6400</param-value>

                      </context-param>

                   

                      <!-- Choose whether to let the user change the CMS name -->

                      <!-- If it isn't shown the default System from above will be used -->

                      <context-param>

                          <param-name>cms.visible</param-name>

                          <param-value>false</param-value>

                      </context-param>

                   

                      <!-- You can specify the default Authentication types here -->

                      <!-- secEnterprise, secLDAP, secWinAD, secSAPR3 -->

                      <context-param>

                          <param-name>authentication.default</param-name>

                          <param-value>secWinAD</param-value>

                      </context-param>

                   

                      <!-- Choose whether to let the user change the authentication type -->

                      <!-- If it isn't shown the default authentication type from above will be used -->

                      <context-param>

                          <param-name>authentication.visible</param-name>

                          <param-value>true</param-value>

                      </context-param>

                   

                      <!-- The default home page -->

                      <context-param>

                          <param-name>homepage.default</param-name>

                          <param-value>/jsp/listing/home.jsp</param-value>

                      </context-param>

                   

                      <!-- If the locale preference is disabled (only english languages will be used/allowed) -->

                      <context-param>

                          <param-name>disable.locale.preference</param-name>

                          <param-value>false</param-value>

                      </context-param>

                   

                      <!-- Set to false to disable Siteminder single sign on. -->

                      <context-param>

                          <param-name>siteminder.enabled</param-name>

                          <param-value>false</param-value>

                      </context-param>

                   

                      <!-- You can specify the siteminder Authentication type here -->

                      <!-- secLDAP, secWinAD -->

                      <context-param>

                          <param-name>siteminder.authentication</param-name>

                          <param-value>secLDAP</param-value>

                      </context-param>

                   

                      <!-- Set to true to enable Vintela single sign on. -->

                      <context-param>

                          <param-name>vintela.enabled</param-name>

                          <param-value>true</param-value>

                      </context-param>

                   

                      <!-- Set to true to enable other single sign on. -->

                      <context-param>

                          <param-name>sso.enabled</param-name>

                          <param-value>false</param-value>

                      </context-param>

                   

                      <!-- Set to true to use SAP SSO as the application's primary SSO mechanism -->

                      <context-param>

                          <param-name>sso.sap.primary</param-name>

                          <param-value>false</param-value>

                      </context-param>

                   

                      <!-- Set to false to disable logon with token. -->

                      <context-param>

                          <param-name>logontoken.enabled</param-name>

                          <param-value>true</param-value>

                      </context-param>

                   

                  <filter>

                          <filter-name>authFilter</filter-name>

                          <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

                   

                          <init-param>

                              <param-name>idm.realm</param-name>

                              <param-value>DOMAIN NAME</param-value>

                          </init-param>

                   

                          <init-param>

                              <param-name>idm.princ</param-name>

                              <param-value><SERVICENAME></param-value>

                          </init-param>

                   

                       <init-param>

                             <param-name>idm.keytab</param-name>

                             <param-value>C:\winnt\bofinale.keytab</param-value>

                          </init-param>

                   

                   

                          <init-param>

                              <param-name>idm.allowUnsecured</param-name>

                              <param-value>true</param-value>

                          </init-param>

                   

                          <init-param>

                              <param-name>idm.allowNTLM</param-name>

                              <param-value>false</param-value>

                          </init-param>

                   

                          <init-param>

                              <param-name>idm.logger.name</param-name>

                              <param-value>simple</param-value>

                              <description>

                                  The unique name for this logger.

                              </description>

                          </init-param>

                   

                          <init-param>

                              <param-name>idm.logger.props</param-name>

                              <param-value>error-log.properties</param-value>

                              <description>

                                  Configures logging from the specified file.

                              </description>

                          </init-param>

                   

                          <init-param>

                              <param-name>error.page</param-name>

                              <param-value>../logonNoSso.jsp</param-value>

                              <description>

                                  The URL of the page to show if an error occurs during authentication.

                              </description>

                          </init-param>

                      </filter>

  • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
    Hakan Kilic
    Currently Being Moderated

    Hi Phil!

     

    Looks like you are missing some essentials for the Vintela configuration:

     

    Here the steps you need:

    1. let you Windows AD Admin create a service account (SA) for you, which should have admin rights on the server of BO

        ie: bo_user

     

    2. The SA should have checked: "Usage Cannot Change Password" + "Password never expires"

     

    3. The SA should have also checked: "Trust this user for delegation to any service (Kerberos only)

     

    HINT

    There is a fix for Windows 2003 AD Server, which is necessary to handle the SPN users correctly - ask your Admin which server you are using

    HINT

     

    4. Your Admin now should create the service SPNs with:

         setspn -a HTTP/hostname                         .. ie: HTTP/BOSERVER         (everything in upper case letters, don't use any underscores)

         setspn -a HTTP/Full Qualified Host Name  .. ie: HTTP/BOSERVER.WORK.COM

         setspn -a HTTP/ip-address                        .. ie: 179.120.120.12

     

    HINT

    If you are using HTTPS on the server, you will still need HTTP entries within your SPN

    HINT

     

    5. Your Admin should now create your KTPASS file

          

    ktpass -out vintela.keytab -princ HTTP/BOSERVER(enter here at symbol)WINAUTHTZ.COM -mapuser bo_user -pass <password> -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

     

    6. Your Admin should now reset the password for the user in Windows AD to the original. And then copy the KTPASS file "vintela.keytab" to your server

     

    7. Enter the user + domain to your CMCAPP under AD Groups. And enter the SPN name HTTP/BOSERVER under "Use Kerberos authentication -> Service Principal Name"

     

    8. Stop your SIA via CMS (= main service running on the BO Server) and run it with different user ie: bo_user

     

    9. Make sure that your user ie: bo_user has within "Local Security Setting -> Local Policies -> User Rights Asignment" the role "Act as part of the operation system"

     

    10. Enter details for KRB5.ini and BSCLogin.conf to Tomcat launch properties

           

    -Djava.security.auth.login.config=C:\winnt\bscLogin.conf
          -Djava.security.krb5.conf=C:\winnt\Krb5.ini

     

    HINT

    The web.xml files are under your BO Installation within the Tomcat webapp directory

    ie: C:\Program Files (x86)\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF

    HINT

     

    11. Within the web.xml files (opendocument, InfoViewApp, dswsbobje) enter true for vintela.enabled, and disable siteminder

     

    12. Within the web.xml for vintela

           idm.realm = WORK.COM

           idm.princ = HTTP/BOSERVER

     

    13. Within the web.xml for vintela

          create an entry for idm.keytab with the location of your keytab file

          ie:

    <init-param>
    <param-name>idm.keytab</param-name>
    <param-value>c:\winnt\vintela.keytab</param-value>
    </init-param>

     

    HINT

    You can open the content of the keytab file, where you should find you SPN/idm.princ in readable format HTTP/BOSERVER

    HINT

     

    I hope I have covered everything essential

    ciao Hakan

  • Re: BO XI 3.1 HTTP Status 404 - /InfoViewApp/logon.jsp
    Phillip Putzback
    Currently Being Moderated

    AS far as the OP goes this problem has been fixed. I stil lcan't get the BO aps like Designer or Web Intelligence Rich Client to work with SOS but that takes this off topic. I'll have to start a new thread for that. I think they solutions that helped the most were getting the syntax of SETSPN correct and also setting the parameters in the system and web.xml files correctly.

     

    Thanks for all the help,

    Phil

     

    Edited by: PAPutzback on Jan 3, 2012 3:46 PM

Actions