SSO failed: the login panel displays

If the login panel displays after you log into DASH and then launch the Compliance GUI, follow the troubleshooting procedure.

Before you begin

One reason the login panel displays is to indicate that single sign-on (SSO) failed. The failure is most likely due to errors in configuring SSO. Follow the troubleshooting procedure to ensure that you have correctly configured SSO.

About this task

This task describes how to troubleshoot SSO configuration as a result of a login panel displaying.

Procedure

  1. Check that SSO was enabled on Netcool Configuration Manager. To determine if SSO was enabled on Netcool Configuration Manager, do the following:
    1. Log into the Netcool Configuration Manager ISC. For example: https://myserver.mycampus.ibm.com:16310/.
    2. Download either of the clients.
    3. If the login panel is not bypassed, then SSO is disabled.
    4. Enable SSO by executing the configSSO.sh script. For example:
      cd /opt/bin/IBM/tivoli/netcool/ncm/bin/utils
      ./configSSO.sh enable
  2. Check that a federated user repository and the ObjectServer VMM were created and configured on Netcool Configuration Manager. If not, create and configure a federated user repository and the ObjectServer VMM on Netcool Configuration Manager. To check that a federated user repository exists on Netcool Configuration Manager:
    1. Log into the Netcool Configuration Manager ISC. For example: https://myserver.mycampus.ibm.com:18101/ibm/console/
    2. Access Security.
    3. Check that the Federated user repository is set to be the current repository.
      • If not, set up a federated user repository to be the current repository.
      • Add the ObjectServer VMM to the federated user repository.
  3. Check that SSO attributes were configured on DASH. If not, configure SSO attributes on DASH. To determine if SSO attributes were configured on DASH, do the following:
    1. Log into DASH and launch the WebSphere Administrative console.
    2. Access Security > Global Security > Web Security > Single sign-on
    3. Ensure that the Enabled checkbox is selected.
    4. Ensure that the domain name is correct.
      • If DASH and Netcool Configuration Manager are on the same server, then a value should not be present.
      • If DASH and Netcool Configuration Manager are on different servers, ensure that the value specifies a super domain for the host names of both products. This must be the case in order for an HTTP cookie to be forwarded from DASH to Netcool Configuration Manager.
  4. Check that there is a connection between the DASH Wizard and the Netcool Configuration Manager host server. If DASH and Netcool Configuration Manager reside on different servers, check the following:
    1. A fully qualified host name (rather than an IP address) must have been specified when prompted for the location of the Netcool Configuration Manager server when installing the Netcool Configuration Manager DASH Wizards on DASH.
    2. In the installation directory, view the file ITNCM_TIP_InstallLog.log.
    3. Look for the line USER_INPUT_ITNCM_CONSOLE_RESULTS=\"myserver.mycampus.ibm.com\",\"16310\". If an IP address was specified, change it to a fully qualified host name.

    If DASH and Netcool Configuration Manager reside on the same server, then either a fully qualified host name or an IP address can be specified.

Results

This troubleshooting procedure should result in a user being able to successfully log into DASH and then launch the Compliance GUI.