CA UIM / CABI - CABI dashboards not working with TLS enabled using cabi_external

Document ID : KB000129820
Last Modified Date : 21/03/2019
Show Technical Document Details
Issue:
I'm using the cabi_external probe in a TLS environment and the CABI Dashboards are NOT working in the UMP, Operator Console or Jasper Report Server Web Console. 
Environment:

TLS Enabled Environment
UIM 9.0.2 GA
UMP 9.0.2 HF2
cabi_external v3.40 and Jasper Report Server v6.4.3
Oracle and MS SQL Server Databases

Cause:
Out of the box when using the cabi_external probe in a TLS environment, the wallet / trust store path and password are NOT added to the UIM datasource (stored in the context.xml file \CA\SC\CA Business Intelligence\apache-tomcat\webapps\jasperserver-pro\META-INF\context.xml).  
Resolution:
1. Access the Jasper Report Server Web Page (http://<JRS_IP_OR_HOSTNAME>:8080/jasperserver-pro) using the superuser account. 

2. Home -> Data Sources, View List -> Right Click the "UIM Datasource" and Select "Edit".

3. In the "URL (required)" field which will look like: 
  • For Oracle: jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com
  • For MS SQL Server: jdbc:tibcosoftware:sqlserver://<DATABASE_IP>:1433;databaseName=CA_UIM
You will need to add the wallet / trust store path and password, example: 
  • ;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;TrustStorePassword=interOP@123
Note: The trust store path and password will be the path and password configured in your environment. 

The URL will look like: 

jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;TrustStorePassword=interOP@123

4. Save the changes to the UIM Datasource and Test Connection to confirm it's successful.

Note: You will need to clear the browser cache when retesting the UIM / CABI Dashboards in the UMP or Operator Console. 

*If you are using TLS with Oracle, please follow the additional steps below to configure the UIM JNDI Datasource - THIS IS NOT REQUIRED IF YOU USE TLS WITH MS SQL SERVER *

5. On the server where the Jasper Report Server instance is running, go to: \CA\SC\CA Business Intelligence\apache-tomcat\webapps\jasperserver-pro\META-INF\context.xml
  • Before making any changes create a backup copy of the context.xml file. 

Under the "Resource username" section we will need to add the trust store / wallet password, example: 

<Resource username="CA_UIM" url="jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;TrustStorePassword=;" type="javax.sql.DataSource" password="ENC-e892deda7dd96de81c1b4c75f2b64d2882f7bc5be209def8a95807f2336ab1f4-" name="jdbc/uim" maxWait="10000" maxIdle="30" maxActive="100" factory="com.jaspersoft.jasperserver.tomcat.jndi.JSCommonsBasicDataSourceFactory" driverClassName="tibcosoftware.jdbc.oracle.OracleDriver" auth="Container" initConnectionSqls="ALTER SESSION SET NLS_COMP='LINGUISTIC';ALTER SESSION SET NLS_SORT='BINARY_CI'" defaultTransactionIsolation="TRANSACTION_READ_UNCOMMITTED"/>
</Context>

On the highlighted section add your trust store password, example: 

<Resource username="CA_UIM" url="jdbc:tibcosoftware:oracle://<DATABASE_IP>:2484;serviceName=test.dev.com;CryptoProtocolVersion=TLSv1.2;encryptionMethod=ssl;TrustStore=C:/Program Files (x86)/Nimsoft/security/ewallet.p12;TrustStorePassword=interOP@123;" type="javax.sql.DataSource" password="ENC-e892deda7dd96de81c1b4c75f2b64d2882f7bc5be209def8a95807f2336ab1f4-" name="jdbc/uim" maxWait="10000" maxIdle="30" maxActive="100" factory="com.jaspersoft.jasperserver.tomcat.jndi.JSCommonsBasicDataSourceFactory" driverClassName="tibcosoftware.jdbc.oracle.OracleDriver" auth="Container" initConnectionSqls="ALTER SESSION SET NLS_COMP='LINGUISTIC';ALTER SESSION SET NLS_SORT='BINARY_CI'" defaultTransactionIsolation="TRANSACTION_READ_UNCOMMITTED"/>
</Context>

6. Save the changes to the file, go to services and restarted the "CA Business Intelligence Tomcat" service. 

Note: You will need to clear the browser cache when retesting the UIM / CABI Dashboards in the UMP or Operator Console.