SSO between Portal 6.1 and QuickR 8.1

This question is not answered.

Replies: 8 - Pages: 1 - Last Post: Sep 18, 2009 4:51 PM - Last Post By: Charlie_Price
Jen_C

Posts: 69
Registered: Dec 28, 2006 06:58:55 PM
SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 08, 2008 10:22:23 AM
 
Hi,

We are running Portal 6.1 and are trying to set up Single Sign On to Domino QuickR 8.1 but it doesn't appear to be working. We've followed the instructions in the info centre to export the LTPA token and imported it into the Domino server, but when we try to view the places from the My Places portlet, we get the following output telling us that the LTPA token is invalid.

SSO appears to be working as if we log into the Portal then change the URL to the QuickR server, we are signed on. However, if we do it in reverse (sign in to QuickR and then change URL to Portal) it prompts for a logon. So it looks like SSO isn't working properly, but we have been unable to figure out why.

Has anyone managed to get SSO between Portal 6.1 and Domino QuickR 8.1 using the My Places portlet to work?

08/09/2008 11:48:17.16 PM 0698:0015-021C HTTP Sessions> Looking for single sign-on session cookie in session cache
08/09/2008 11:48:17.16 PM 0698:0015-021C HTTP Sessions> Single sign-on session cookie not found in cache, decoding. ORG=, CFG=LtpaToken
08/09/2008 11:48:17.16 PM 0698:0015-021C HTTP Sessions> Validating single sign-on session token list
08/09/2008 11:48:17.16 PM 0698:0015-021C SSO API> *** Validating Token List (SECTokenListValidateAndGetInfo) ***
08/09/2008 11:48:17.16 PM 0698:0015-021C SSO API> ConfigName specified LtpaToken.
08/09/2008 11:48:17.16 PM 0698:0015-021C SSO API> Retrieved global static cache memory for config LtpaToken.
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> *** Retrieving Extra Token Info (SECTokenValidateAndGetTokenInfo2) ***
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> ConfigName specified LtpaToken.
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> Retrieved global static cache memory for config LtpaToken.
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> Decoding Websphere style LTPA Single Sign-On token (LtpaToken).
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> Dumping memory of encoded token 749 bytes.

08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> ERROR: when decoding LtpaToken Output Buffer Overflow.
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> ERROR: unexpected error from called function Output Buffer Overflow.
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> ERROR: examined token list did not contain any valid tokens matching the configuration.
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> *** Freeing Single Sign-On Token List (SECTokenListFree) ***
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> *** Freeing Single Sign-On Token (SECTokenFree) ***
08/09/2008 11:48:17.19 PM 0698:0015-021C SSO API> *** Validating Single Sign-On Token (SECTokenValidate) ***
08/09/2008 11:48:17.19 PM 0698:0015-021C SSO API> *** Retrieving Extra Token Info (SECTokenValidateAndGetTokenInfo) ***
08/09/2008 11:48:17.19 PM 0698:0015-021C SSO API> ConfigName specified LtpaToken.
08/09/2008 11:48:17.19 PM 0698:0015-021C SSO API> Retrieved global static cache memory for config LtpaToken.
08/09/2008 11:48:17.19 PM 0698:0015-021C SSO API> Decoding Websphere style LTPA Single Sign-On token (LtpaToken).
08/09/2008 11:48:17.19 PM 0698:0015-021C SSO API> Dumping memory of encoded token 749 bytes.

08/09/2008 11:48:17.20 PM 0698:0015-021C SSO API> Decrypt Websphere style Single Sign-On token (LTPA). Token length invalid <562>.
08/09/2008 11:48:17.20 PM 0698:0015-021C SSO API> ERROR: when decoding token Single Sign-On token is invalid.
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - *************** Request Header info ****************================
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - querystring=QPXML=%3Cservice%20action=%22query%22%3E%3Cquery%20type=%22get_member_places%22%3E%3Cmembers%3E%3Cperson%3E%3Cdn%3ECN=wpsadmin,OU=Consulting_Services,O=ourcompany%3C/dn%3E%3C/person%3E%3C/members%3E%3C/query%3E%3C/service%3E&dn=CN=wpsadmin,OU=Consulting_Services,O=ourcompany
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - Requested Method=GET
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - Remote address=http://10.2.15.10
08/09/2008 11:48:17 PM 28828641 DEBUG http://Thread-15] com.lotus.quickplace.util.QPServlet - Remote host=[
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - Request scheme=http
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - Request protocol=http://HTTP/1.1
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - Request remote user=Anonymous
08/09/2008 11:48:17 PM 28828641 DEBUG http://Thread-15] com.lotus.quickplace.util.QPServlet - Authorization scheme=[
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - USER-AGENT=http://Java/1.5.0
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - HOST=http://ebpl.ourcompany.com.au
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - CONTENT-TYPE=application/x-www-form-urlencoded
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - COOKIE=[LtpaToken==yTqt1igT/m1Y6DHaQFQ9Eqlnrj3XX2tFQ2rip5Bz74b8ZXxt39p70jdYbyzhmJs7K08HyJ/YHgFgsljWHojjGnYAwpMQ0ntCXx7bc4ol8FOE95Zuui5MsgJmQtoMc7zZ1IHmd9hhDAi/FpgxU1C/DMLr3nrO+ScD25mrExLUcDSGtTeb7/ZYP8mnOS81lWa4mvV7zhuApPTOXPKW2GKOUucSyemR5cPAbsa3u1OKApTq66UZqTusMDu+5IakfEwvCzu2jMUBzLSjUYni8Q01S2azjwYm4CLySnw6XQJ07JJCAmYqJ8/lXZ5v5fnck2NiyxCsPrMwt0vntJQZSbAb8Ja5Cxt2/M1Tl6BR8LJGn3hykwND9Dvxud41adiQbKXJ27wdTk7q
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - ACCEPT=http://text/html, image/gif, image/jpeg, *; q=.2, /; q=.2
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - CONNECTION=keep-alive
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - ******* Cookies ********
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - LtpaToken==yTqt1igT/m1Y6DHaQFQ9Eqlnrj3XX2tFQ2rip5Bz74b8ZXxt39p70jdYbyzhmJs7K08HyJ/YHgFgsljWHojjGnYAwpMQ0ntCXx7bc4ol8FOE95Zuui5MsgJmQtoMc7zZ1IHmd9hhDAi/FpgxU1C/DMLr3nrO+ScD25mrExLUcDSGtTeb7/ZYP8mnOS81lWa4mvV7zhuApPTOXPKW2GKOUucSyemR5cPAbsa3u1OKApTq66UZqTusMDu+5IakfEwvCzu2jMUBzLSjUYni8Q01S2azjwYm4CLySnw6XQJ07JJCAmYqJ8/lXZ5v5fnck2NiyxCsPrMwt0vntJQZSbAb8Ja5Cxt2/M1Tl6BR8LJGn3hykwND9Dvxud41adiQbKXJ27wdTk7qHF4dtaEY
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - *******Servlet parameters (Single Value style)********
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - dn=CN=wpsadmin,OU=Consulting_Services,O=ourcompany<END>
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - QPXML=<service action="query"><query type="get_member_places"><members><person><dn>CN=wpsadmin,OU=Consulting_Services,O=ourcompany</dn></person></members></query></service><END>
08/09/2008 11:48:17 PM 28828641 DEBUG Thread-15 com.lotus.quickplace.util.QPServlet - ***************** END Request Header info *************==================================
08/09/2008 11:48:17 PM 28828641 INFO Thread-15 com.lotus.quickplace.util.QPServlet - userAttrib = null
08/09/2008 11:48:17 PM 28828641 INFO Thread-15 com.lotus.quickplace.util.QPServlet - Session is null creating one...
08/09/2008 11:48:17 PM 28828641 INFO Thread-15 com.lotus.quickplace.util.QPServlet - calling getLtpaToken() = =yTqt1igT/m1Y6DHaQFQ9Eqlnrj3XX2tFQ2rip5Bz74b8ZXxt39p70jdYbyzhmJs7K08HyJ/YHgFgsljWHojjGnYAwpMQ0ntCXx7bc4ol8FOE95Zuui5MsgJmQtoMc7zZ1IHmd9hhDAi/FpgxU1C/DMLr3nrO+ScD25mrExLUcDSGtTeb7/ZYP8mnOS81lWa4mvV7zhuApPTOXPKW2GKOUucSyemR5cPAbsa3u1OKApTq66UZqTusMDu+5IakfEwvCzu2jMUBzLSjUYni8Q01S2azjwYm4CLySnw6XQJ07JJCAmYqJ8/lXZ5v5fnck2NiyxCsPrMwt0vntJQZSbAb8Ja5Cxt2/M1Tl6BR8LJGn3hykwND9Dvxud41adiQbKXJ2
08/09/2008 11:48:17 PM 28828657 INFO Thread-15 com.lotus.quickplace.util.QPServlet - calling getBasicAuth1()
08/09/2008 11:48:17 PM 28828657 INFO Thread-15 com.lotus.quickplace.util.QPServlet - calling getBasicAuth() headerValue = null
08/09/2008 11:48:17 PM 28828657 INFO Thread-15 com.lotus.quickplace.util.QPServlet - calling getBasicAuth2() return = isBasicAuth=false
08/09/2008 11:48:17 PM 28828657 INFO Thread-15 com.lotus.quickplace.util.QPServlet - create session using token...
08/09/2008 11:48:17 PM HTTP JVM: getNotesSession - NotesException - 4611 Single Sign-on Token is invalid
08/09/2008 11:48:17 PM HTTP JVM: Exception - invoking Action query action = 74.java.lang.NullPointerException
08/09/2008 11:48:17 PM 28828672 INFO Thread-15 com.lotus.quickplace.util.QPServlet - Printing stack trace
08/09/2008 11:48:17 PM HTTP JVM: java.lang.NullPointerException
08/09/2008 11:48:17 PM HTTP JVM: at com.lotus.quickplace.util.QPServlet.doPost(QPServlet.java:476)
08/09/2008 11:48:17 PM HTTP JVM: at com.lotus.quickplace.util.QPServlet.doGet(QPServlet.java:210)
08/09/2008 11:48:17 PM HTTP JVM: at javax.servlet.http.HttpServlet.service(HttpServlet.java:499)
08/09/2008 11:48:17 PM HTTP JVM: at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
08/09/2008 11:48:17 PM HTTP JVM: at lotus.domino.servlet.DominoServletInvoker.executeServlet(DominoServletInvoker.java:296)
08/09/2008 11:48:17 PM HTTP JVM: at lotus.domino.servlet.DominoServletInvoker.service(DominoServletInvoker.java:237)
08/09/2008 11:48:17 PM HTTP JVM: at lotus.domino.servlet.ServletManager.service(ServletManager.java:258)
08/09/2008 11:48:27.88 PM 0698:0016-04C4 HTTP Sessions> Looking for single sign-on session cookie in session cache (g9TZsviYR78hPNxqjapYrN6W7ucw7Fj4KLGcPJ1k0Sb7dQr2B6d/5wJUarxyCpYoST43hUEIZsunCDib80Tkx6lj3OXTa5eLwQQ5WwRL+b8WQdk8JZrMR0kVjKooHt7Q2brmytGD
08/09/2008 11:48:27.88 PM 0698:0016-04C4 HTTP Sessions> Single sign-on session cookie not found in cache, decoding. ORG=, CFG=LtpaToken
08/09/2008 11:48:27.88 PM 0698:0016-04C4 HTTP Sessions> Validating single sign-on session token list
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> *** Validating Token List (SECTokenListValidateAndGetInfo) ***
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> ConfigName specified LtpaToken.
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> Retrieved global static cache memory for config LtpaToken.
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> *** Retrieving Extra Token Info (SECTokenValidateAndGetTokenInfo2) ***
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> ConfigName specified LtpaToken.
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> Retrieved global static cache memory for config LtpaToken.
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> Decoding Websphere style LTPA Single Sign-On token (LtpaToken).
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> Dumping memory of encoded token 376 bytes.

08/09/2008 11:48:27.89 PM 0698:0016-04C4 SSO API> -Raw Token Username = CN=wpsadmin,OU=Consulting_Services,O=ourcompany
08/09/2008 11:48:27.89 PM 0698:0016-04C4 SSO API> -LDAP Realm = ebpl.ourcompany.com.au\:389
08/09/2008 11:48:27.89 PM 0698:0016-04C4 SSO API> -Username = CN=wpsadmin/OU=Consulting_Services/O=ourcompany
08/09/2008 11:48:27.89 PM 0698:0016-04C4 SSO API> -Raw Token Username = CN=wpsadmin,OU=Consulting_Services,O=ourcompany
08/09/2008 11:48:27.89 PM 0698:0016-04C4 SSO API> -Expiration Ticks = 1220888366666 09/09/2008 01:39:26 AM.
08/09/2008 11:48:27.89 PM 0698:0016-04C4 HTTP Sessions> Decoded single sign-on session cookie, logging in (CN=wpsadmin/OU=Consulting_Services/O=ourcompany)
08/09/2008 11:48:27.89 PM 0698:0016-04C4 SSO API> *** Freeing Single Sign-On Token List (SECTokenListFree) ***
08/09/2008 11:48:27.89 PM 0698:0016-04C4 SSO API> *** Freeing Single Sign-On Token (SECTokenFree) ***
08/09/2008 11:48:27.89 PM 0698:0016-04C4 HTTP Sessions> Looking for single sign-on session cookie in session cache

Charlie_Price

Posts: 59
Registered: Jun 22, 2007 02:40:43 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 08, 2008 03:52:47 PM   in response to: Jen_C
Hi,

We have seen this error, and are working on getting our technote updated. You should be able to resolve the issue with the following steps:

For WebSphere Portal v 6.1, go to Security -- Secure administration, application, and infrastructure -- Web Security -- Single Sign-on

Make sure that "Web inbound security attribute propagation" is de-selected.

Let me know how that works for you.

Thanks,
Charlie
Jen_C

Posts: 69
Registered: Dec 28, 2006 06:58:55 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 09, 2008 09:44:17 AM   in response to: Charlie_Price
Hi,

Thank you! I made the change to WAS and restarted the Portal and the Places are now displaying in the My Places portlet and Sametime and Mail are also now working. There are now no errors in the logs and places are being returned without issues.

However, with the My Places portlet, only places of which the user is specified as a member are shown. We have created several public places but none of these show up in the portlet. I did think it might be because the My Places portlet only shows places of which you have a membership, but then that doesn't make sense as why is there a "public places" section then? The logs seem to show the same thing, there is no mention of any of the public places when it's collecting the Places.

Is there anything further that needs to be done to show public places in the My Places portlet?

Thank you again for your help.
Charlie_Price

Posts: 59
Registered: Jun 22, 2007 02:40:43 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 09, 2008 10:01:19 AM   in response to: Jen_C
Hi,

It looks like we do have an issue with public places. Is this something you can open a PMR on, and we will see about getting this fixed? If you can't open a PMR, let me know and I'll see what I can do.

Thanks,
Charlie
Jen_C

Posts: 69
Registered: Dec 28, 2006 06:58:55 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 09, 2008 11:41:20 AM   in response to: Charlie_Price
Hi Charlie,

We're an IBM business partner and we are building this Portal for our own internal use, so at this stage we do not have a customer number to raise a PMR against, or else I probably would have done so already! If there's something that can be done to get the public places working, that would be great, as it's the last piece of our puzzle before our new environment is fully set up.

Thanks heaps for all your help,
Jen
David Axinn

Posts: 1
Registered: Mar 08, 2007 03:59:56 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 10, 2008 01:14:51 AM   in response to: Charlie_Price
Nice post! De-selecting the security attribute propagation worked for me too. Though I also can't see public places in the My Places portlet.

David

vanstaub

Posts: 18
Registered: Dec 20, 2007 12:45:59 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 12, 2008 12:06:43 PM   in response to: Charlie_Price
Charlie is right, the buffer overflow results because the new LTPAToken2 is longer than the previous LTPAToken.
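
A triage sketch for the Domino SSO debug output quoted in this thread, added here as an example and not code from any poster or from IBM: it groups the SSO debug lines into one decode attempt per thread id and reports whether every rejected token is larger than every accepted one, as with the 749-byte and 376-byte tokens in the log above. The function names and the abridged sample lines are constructed for illustration.

```python
import re

# Constructed sample: lines abridged from the Domino SSO debug output quoted in this thread.
SAMPLE_LOG = """\
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> Dumping memory of encoded token 749 bytes.
08/09/2008 11:48:17.17 PM 0698:0015-021C SSO API> ERROR: when decoding LtpaToken Output Buffer Overflow.
08/09/2008 11:48:17.19 PM 0698:0015-021C SSO API> Dumping memory of encoded token 749 bytes.
08/09/2008 11:48:17.20 PM 0698:0015-021C SSO API> Decrypt Websphere style Single Sign-On token (LTPA). Token length invalid <562>.
08/09/2008 11:48:27.88 PM 0698:0016-04C4 SSO API> Dumping memory of encoded token 376 bytes.
08/09/2008 11:48:27.89 PM 0698:0016-04C4 HTTP Sessions> Decoded single sign-on session cookie, logging in (CN=wpsadmin/OU=Consulting_Services/O=ourcompany)
"""

# Line shape: "<date> <time> AM/PM <thread id> <facility>> <message>"
LINE_RE = re.compile(r"^\S+ \S+ [AP]M (\S+) (?:SSO API|HTTP Sessions)> (.*)$")
SIZE_RE = re.compile(r"Dumping memory of encoded token (\d+) bytes")
LOGIN_RE = re.compile(r"Decoded single sign-on session cookie, logging in \((.+)\)")

def parse_attempts(log_text):
    """Group SSO debug lines into one record per token-decode attempt, keyed by thread id."""
    attempts, current = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # servlet/JVM lines and blank lines are not SSO debug output
        thread, msg = m.groups()
        size = SIZE_RE.search(msg)
        if size:  # each token dump starts a new attempt on that thread
            current[thread] = {"thread": thread, "bytes": int(size.group(1)),
                               "outcome": "unknown", "reasons": [], "user": None}
            attempts.append(current[thread])
            continue
        attempt = current.get(thread)
        if attempt is None:
            continue  # message seen before any token dump on this thread
        login = LOGIN_RE.search(msg)
        if msg.startswith("ERROR:") or "Token length invalid" in msg:
            attempt["outcome"] = "rejected"
            attempt["reasons"].append(msg)
        elif login:
            attempt["outcome"] = "accepted"
            attempt["user"] = login.group(1)
    return attempts

def size_mismatch(attempts):
    """(largest accepted, smallest rejected) if all rejected tokens are bigger than all accepted, else None."""
    ok = [a["bytes"] for a in attempts if a["outcome"] == "accepted"]
    bad = [a["bytes"] for a in attempts if a["outcome"] == "rejected"]
    return (max(ok), min(bad)) if ok and bad and min(bad) > max(ok) else None

if __name__ == "__main__":
    found = parse_attempts(SAMPLE_LOG)
    for a in found:
        print(a["thread"], a["bytes"], a["outcome"], a["reasons"][:1] or a["user"])
    print("size mismatch (accepted max, rejected min):", size_mismatch(found))
```

A non-None result from size_mismatch points at the token format being issued rather than at the imported keys, which matches the fix reported in this thread.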
Don_Bunch

Posts: 2
Registered: Sep 12, 2009 05:50:10 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 12, 2009 05:54:16 PM   in response to: Jen_C
Hello,

I have the same issue where I can log into portal and then get to Domino Quickr 8.1 and show signed in. If I do a javascript:alert(document.cookie) I can see the LTPA token. If I go back to portal, I have no token and it forces me to log in again.

If I do the reverse, log into Quickr and try to go to portal, it does not work. I have to log into portal. Doing a little testing... I can log into Quickr and then go to other pages / sites and, if in the same browser session, get back into Quickr and see my token and am not forced to log in again. This is not the case with the portal login. If I leave portal and go to another site, I cannot get back to portal without logging in again. I suspect I have something misconfigured that is causing this... any thoughts? Thanks.
Charlie_Price

Posts: 59
Registered: Jun 22, 2007 02:40:43 PM
Re: SSO between Portal 6.1 and QuickR 8.1
Posted: Sep 18, 2009 04:51:43 PM   in response to: Don_Bunch
Hi,

What URLs are you using to access portal? I suspect that when you go back to portal you are using the URL http://portal.domain.com/wps/portal -- that would cause the behavior you are seeing; /portal is for anonymous users and doesn't look for or try to use the LtpaToken. If you want SSO to work to portal you have to use http://portal.domain.com/wps/myportal.

I think that will resolve your issue. If not, can you give me more details about the environment? What directory does Quickr authenticate with? What directory does portal authenticate with?

If that doesn't help, then could you enable the following debug: com.ibm.ws.security.*=all, sign into Quickr, change the browser to the portal server/wps/myportal, and send me the trace.log to review.

thanks, hopefully it's just a matter of the url.
Charlie
