How to configure Single Sign On for Tomcat web server in CA ServiceDesk 12.1?

Document ID : KB000054021
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

This document explains the steps required to configure Single Sign On for tomcat in ServiceDesk R12.1

Solution

Steps to configure SSO for tomcat

  1. Download the latest version of jcifs.jar file from http://jcifs.samba.org/

  2. Copy the file to $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib directory.

  3. Open the web.xml file present under $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\

  4. Locate the line <!-- Add filter here -->

  5. Add the following filter
    <!-- Add filter here --> 
    <filter> 
    <filter-name>NtlmHttpFilter</filter-name> 
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class> 
    <init-param> 
    <param-name>jcifs.http.domainController</param-name> 
    <param-value> DomainControllerName </param-value> 
    </init-param> 
    </filter>
    Domain Controller Name is the host name of the LDAP server.

  6. Locate the line <!-- Add filter-mapping here -->

  7. Add the following filter mapping
    <filter-mapping> 
    <filter-name>NtlmHttpFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
    </filter-mapping>
  8. Restart tomcat server using the commands pdm_tomcat_nxd -c stop, pdm_tomcat_nxd -c start

Note: When using more than one Domain Controller behind a NLB (Network Load Balancing) server, you can not use the DNS Name of the Domain Controller as in:

<param-name>jcifs.http.domainController</param-name>
<param-value> DomainControllerName </param-value>

An error message that is commonly displayed in this situation is: "jcifs.smb.SmbException: A duplicate name exists on the network".

To resolve the error, you need to specify the hostname of one specific Domain Controller.