Using Spectrum OneClick SSL with LDAP, the SSL frequently does not communicate back and drops (Legacy KB ID CNC TS33909 )

Document ID : KB000051966
Last Modified Date : 14/02/2018
To prevent referral to another LDAP server, at the end of the tomcat/webapps/spectrum/META-INF/context.xml file, change referrals="follow" /> to
referrals="ignore" />


Also, you may need to have the connection automatically retry once. This will be built into future releases of Spectrum, but a patch can be requested from Support if needed.


Another alternative is to leave referrals on and ensure that all authentication servers that may be followed have the certificate matched up and added in



Related Issues/Questions:
Using SSL with LDAP, the SSL frequently does not communicate back and drops
In the stdout.log file the errors are below:


Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:742)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
                at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
                at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
                at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
                at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
                at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
                at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
                at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
                ... 41 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly


Couldn't authenticate user against directory

The web server to LDAP connection was clear text, so SSL was enabled, everything was configured correctly, the certificate was edited, and Tomcat was restarted. After that restart, Tomcat worked fine. However, when Tomcat is restarted again it may stop working, with an approximately 80 percent failure rate. Removing and re-adding the certificates did not change the behavior; the same problem is still seen.

Problem Environment:
18757126
Spectrum 8.1
Spectrum 9.1

Causes of this problem:
The connection was dropped after LDAP and during SSL. There are multiple LDAP servers that refer to one another, so a certificate is matched up between one server and the OneClick host, but then another server gets involved when LDAP refers over to it, and that server does not have the matched up SSL certificates, so the connection gets dropped.
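
To confirm that handshake failures in stdout.log come from a followed referral rather than from the directly configured LDAP server, the traces can be checked for the LdapReferralContext frame seen in the excerpt above. The script below is an added example, not part of the original KB article or of Spectrum; the sample log is constructed, and its second trace is a made-up non-referral failure for contrast.

```python
import re

# Start of one exception in a Java stack trace, with or without "Caused by:".
HEADER = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?::|$)", re.M)

# Constructed sample in the shape of the stdout.log excerpt above, including
# wrapped frames; the second trace is a made-up failure with no referral frame.
SAMPLE_LOG = """\
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection
during handshake
                at
com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
                at
com.sun.jndi.ldap.LdapReferralCon
text.<init>(LdapReferralContext.java:93)
                ... 41 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection
during handshake
                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
"""

def handshake_failures(log_text):
    """One entry per SSLHandshakeException; True if it came from a followed referral."""
    starts = [m.start() for m in HEADER.finditer(log_text)] + [len(log_text)]
    via_referral = []
    for begin, end in zip(starts, starts[1:]):
        section = log_text[begin:end]
        if not HEADER.match(section).group(1).endswith("SSLHandshakeException"):
            continue
        # Frames may be wrapped mid-token, so drop all whitespace before matching.
        flat = re.sub(r"\s+", "", section)
        via_referral.append("com.sun.jndi.ldap.LdapReferralContext.<init>" in flat)
    return via_referral

def summarize(log_text):
    """Count handshake failures by origin: followed referral vs. direct connection."""
    hits = handshake_failures(log_text)
    return {"referral": sum(hits), "direct": len(hits) - sum(hits)}

if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    print(f"handshake failures via referral: {counts['referral']}, direct: {counts['direct']}")
```

A high "referral" count points at the referred-to servers' certificates (or at setting referrals="ignore"); a high "direct" count means the configured server's own certificate or truststore entry should be checked first.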

