When Single Sign On is enabled in Jasper Server and CA Spectrum

Document ID : KB000103671
Last Modified Date : 28/06/2018
Show Technical Document Details
Issue:
Whenever the customer Click on "Jasper Console" from the OneClick Admin page, he receives an error: 

Access to <hostname of CABI> was denied 
You don't have authorization to view this page. 
HTTP ERROR 403 


Things already done and checked :-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
1. spectrumConfigInstaller.jar install = Done. 
2. OneClick -> Administration -> Report Manager -> Jasper Integration = Done 
3. Jasper Integration = Enable 
4. Enable SSO = Checked 
5. Use SSL with Jasper Server = Unchecked 
6. CABI services restarted 
7. Redeploy done 

But on the other-hand, when he open Jaspersoft link directly and login as 'superuser', he is able to open/access it.


In CABI server, the last few lines of localhost_access_log.2018*****.txt are: 


10.18.1.183 - - [18/Jun/2018:12:21:39 -0400] "GET /jasperserver-pro?jaspertoken=eR72zMzMdKwSumPwmMgrYucfwvzIfZbUL465q9NTm0s=??5p5&orgidl=spectrum HTTP/1.1" 302 - 
10.18.1.183 - - [18/Jun/2018:12:21:40 -0400] "GET /jasperserver-pro/?jaspertoken=eR72zMzMdKwSumPwmMgrYucfwvzIfZbUL465q9NTm0s=??5p5&orgidl=spectrum HTTP/1.1" 403 - 
10.18.1.183 - - [18/Jun/2018:12:33:54 -0400] "GET /jasperserver-pro?jaspertoken=fsi7E1eTmyynKXFPbSZtiOcfwvzIfZbUL465q9NTm0s=??ej3&orgidl=spectrum HTTP/1.1" 302 - 
10.18.1.183 - - [18/Jun/2018:12:33:54 -0400] "GET /jasperserver-pro/?jaspertoken=fsi7E1eTmyynKXFPbSZtiOcfwvzIfZbUL465q9NTm0s=??ej3&orgidl=spectrum HTTP/1.1" 403 - 

 
Environment:

CA - Spectrum = 10.2.2.0.71 / 10.X
Jasper server = 6.3.0 
Operating System = Linux  
Cause:

When Single Sign On is enabled in Jasper Server and at the same time if you enable the Single Sign On feature in CA Spectrum, you may face access issue for Jasper SSO.

Jasper SSO - Enabled + Saved
CA Spectrum SSO - Enabled
 
Resolution:

Following is a work around if you want to enable the Single Sign On for both Jasper and CA Spectrum you need to follow the below steps :-

1) In the CA Spectrum machine, go to $Specroot\tomcat\webapps\spectrum\repmgr\admin folder.
2) Copy the 'spectrum.jks' and 'spectrum.properties' files.
3) In the Jasper machine, go to <<CABusinessIntelligenceINstalledDIR>>\apache-tomcat\webapps\jasperserver-pro\WEB-INF\config folder.
4) Replace the existing 'spectrum.jks' and 'spectrum.properties' files with the copied files from CA Spectrum machine.

Post performing these steps when you try to open the Jasper Console from the OneClick Admin page you won't be facing any issues. 
 
Additional Information:
If you have spectrum use LDAP then you need to perform the above mentioned 4 steps in addition to some other steps.