Spectrum fails to authenticate through Embedded Entitlements Manager (EEM) after installing Hot Fix H04

Document ID : KB000050444
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

In an environment where installed is EEM versions 8.4.244 (SP4) or 8.4.217 (SP3) along with Spectrum 9.2 H04, customer could experience one or more of the login problem scenarios described below.

Problem Scenario 1: "Authorization failed" popup message is seen when trying to login

Problem Scenario 2: The following messages can be seen in the $SPECROOT/tomcat/logs/stdout.log file:
ERROR Network -
AuthorityLoginError - exception occurred calling Iclient AuthorityLoginError.com.ca.itechnology.iclient.IclException:
org.apache.http.NoHttpResponseException: The target server failed to respond

Problem Scenario 3: The following messages can be seen in the $SPECROOT/tomcat/logs/stdout.log file:
ERROR -
com.ca.eiam.jpoz.PozFactory - checkForFailoverNumber - Could not communicate with the EEM Server [], server returned with errorcode - 846

Problem Scenario 4: The following messages can be seen in the $SPECROOT/tomcat/logs/stdout.log file:
ERROR Network -
AuthorityLoginError - exception occurred calling Iclient AuthorityLoginError
com.ca.itechnology.iclient.IclHTTPException: 403 Forbidden

The reason for the problem scenarios above can be resolved with one or more of the following configured setups in the environment:

  • EEM is configured with a proxy server, however setup of the proxy server is not complete.

  • Unable to login without using a fully qualified domain name in OneClick login. Instead of using <OneClick server name>/spectrum you will now need to use <OneClick server name.domain.com>/spectrum, the same fully qualified domain name configuration that is configured in the EEM Single Sign-On Configuration within the OneClick Administration SSO Configuration.

  • DNS Aliasing with non-Fully Qualified Host Name (FQHN) OneClick URL are being used for the resolution of the OneClick server. The cause of failed logins in these scenarios has not been determined at this time and the workaround below is recommended.

 

Solution:

The workaround for the DNS Aliasing with non-FQHN OneClick URL failed login scenario is as follows:

  1. First copy the original file $SPECROOT/tomcat/spectrum/oneclick.jnlp before making the change in step 2.

  2. Modify the following section of the $SPECROOT/tomcat/spectrum/oneclick.jnlp file:

    From this:
    <!-- JNLP File for Session Client --><jnlp spec="1.0+" codebase="$$codebase"                  href="$$href">  <information>


    To this:
    <!-- JNLP File for Session Client --><jnlp spec="1.0+" codebase="$$codebase"                  href="/spectrum/oneclick.jnlp">  <information>


  3. Save the file.

  4. A restart of OneClick clients is needed, no need to restart the Spectrum tomcat server itself.