How to log in to Spectrum OneClick when Single Sign-On (SS0) - Embedded Entitlements Manager (EEM) authentication fails.

Document ID : KB000051430
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

You are unable to log in to OneClick and get error:

 "SPECTRUM OneClick - Authorization Failure, 
Authorization failed. Ensure the user name and password are valid." Error seen in stdout.log:
2010-05-14 15:45:56.595] EEMSSOContext::authenticateWithPassword - EEM Error Attaching to Backend...
[resource=/spectrum/][username=spectrum] [2010-05-14 15:46:23.815] EEMSSOContext::authenticateWithPassword - EEM Error  Attaching to Backend...  

Solution

Normally this kind of a deadlock situation happens when you are authenticating only against the EEM server and not locally on the SpectroSERVER. If the LDAP server becomes unavailable, you will not have the ability to log in to Spectrum and there will be no way to disable the Single Sign-On in the Spectrum Web Administration options.

To set the authentication to bypass the EEM server, do the following:

  1. Log in to the EEM home page using the admin account.
  2. The EEM configuration must be changed:
    from Reference from an external directory to Store in CA's Management Database (CA-MDB).
  3. The user must exist in the Manage Identities area of EEM because Single Sign-On is still enabled in Spectrum Web Administration. If the user does not exist, then create a new user in EEM.
    Be sure the passwords between Spectrum and EEM users are the same.
  4. Restart the tomcat service on the OneClick server.
    Now you should be able to log in to OneClick without any issues.

There are two options here, either add additional users to EEM for the non-LDAP integration or disable Single Sign-On in Spectrum Web Administration.

Note: Removing or renaming the files in the $SPECROOT\custom\sso\config directory will not work.