
Having trouble getting Dimensions to Authenticate through SBM

Hello,

Using SBM 11.7.1 and Dimensions 14.5.2. Had this all working with a Dimensions test server. We have now decided to go Dimensions production from a Linux server. We could not get that to work.

Large brain drain in support and I am flailing here. Support was able to hook us up in the past but now I'm lost.  Escalated issue. 

I'm trying to get Dimensions to authenticate through SBM. SBM is presently hooked up with a Smart card. 

Using SSL third party authentication system through Windows domain. 

Authenticators and Identity Transformers are enabled. 

Getting an SSL protocol error when I attempted to log into Dimensions from our new Dimensions server. So, I believe Dimensions is getting to the SBM server.

The connection for this site is not secure

dimensions.server sent an invalid response.

  • Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

I used a tool called "KeyStore Explorer" to look at the certificates. Noticed that my working server was in the truststore.jks, new server was not. 

Used keytool on Linux to edit the truststore.jks and add the new Dimensions server certificate.

Did not work. 

Changed the jks file back to the original and now the original setup is not working from the other Dimensions server. I obviously screwed something up.

Same error from new dimensions server, but, now my previously working Dimensions Control server is hosed with this error:

Access to SBM.SERVER was denied

You don't have the user rights to view this page.

HTTP ERROR 403

I'm taking stabs in the dark here, but I had to try something. Going directly to SBM works fine, Dimensions just can't authenticate through SBM from either of my Dimensions servers now.

I'm not a certificate expert. Perhaps I need to import the certificates through Tomcat instead of altering the jks files directly?

Any ideas or additional documentation welcome. 

Thanks, 

Will Powell

  • 0  

    Hi Will. Please continue working with support on the case and request escalation if needed. The last issue you mentioned may be related to this topic: https://docs.microfocus.com/doc/Solutions_Business_Manager/12.0/ttig_conf_sso_protected_hosts

    This has to do with protecting the SSO server and only allowing specified hosts to use it.

  • 0  

    Will,

    Continue working with support.

    The SBM SSO server does need to have all hostnames and aliases used to get to Dimensions and SBM in the Configurator > Authentication > SSO Protected Hosts. This would explain the 403 error.

    For the "ERR_SSL_PROTOCOL_ERROR" error, it seemed that Dimensions was redirecting to SBM SSO on HTTP instead of HTTPS.

    Please continue working with support, and escalate by email to the support manager as needed. You can see his email in the agent's signature.

    Regards, 

    David 
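
The two checks this reply points to, as an added Python sketch (not code from the thread or from the vendor): whether a configured SSO URL uses https with a host that is on the protected-hosts list, and whether the port behind it actually completes a TLS handshake, since a browser speaking TLS to a plain-HTTP listener reports ERR_SSL_PROTOCOL_ERROR. The function names and the exact, case-insensitive host comparison are assumptions made for the example.

```python
import socket
import ssl
from urllib.parse import urlsplit

def probe_port(host, port, timeout=3.0):
    """Classify what answers on host:port as 'tls', 'plain-http' or 'other'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only the protocol is classified here;
    ctx.verify_mode = ssl.CERT_NONE  # certificate trust is a separate check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:                  # covers ssl.SSLError, resets and timeouts
        pass
    try:                             # handshake failed: does it speak plain HTTP?
        with socket.create_connection((host, port), timeout=timeout) as raw:
            request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n"
            raw.sendall(request.encode("ascii"))
            with raw.makefile("rb") as reply:
                return "plain-http" if reply.read(5) == b"HTTP/" else "other"
    except OSError:
        return "other"

def check_sso_url(url, protected_hosts, probe=probe_port):
    """Return a list of findings for one configured SSO URL (empty means OK)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = parts.port or (443 if parts.scheme == "https" else 80)
    findings = []
    if parts.scheme != "https":
        findings.append("scheme is not https")
    # Assumption: hosts are compared as exact, case-insensitive names.
    if host not in {h.lower() for h in protected_hosts}:
        findings.append("host not in protected-hosts list")
    if parts.scheme == "https" and probe(host, port) != "tls":
        findings.append(f"port {port} does not answer with TLS")
    return findings
```

Run `check_sso_url` against each SSO-related URL configured on the Dimensions side, passing the host list as entered in the Configurator; a one-letter typo in that list shows up as the "host not in protected-hosts list" finding.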

  • 0 in reply to   

    Thanks for the reply. I was able to find a typo in the SSO Protected hosts so my original control test server that you helped us set up is working again.

    Now I'm back to the ERR_SSL_PROTOCOL_ERROR that the new Dimensions server is receiving. Looking into the http vs https redirection from the dimensions server. Everything coming into SBM on our network is redirected to https, but perhaps it matters how it's sent out of Dimensions even though it might be redirected. 

    We have two support cases, one on the dimensions side and the other on the SBM side, both critical. 

    Thanks for your advice. 

  • 0

    Found that one of the links from the new Dimensions server was not pointing to the right SBM Port. Fixed that to be like our working control server. Similar error on the SSL. Browser error: 

    The connection for this site is not secure

    dimensions.server sent an invalid response.

    • Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR

    Linux server presented this: 

    SO Gatekeeper error has occurred: Error obtaining security token.

    Detail

    Validation of WS-Federation token failed with code 40:Token issuer not allowed.

  • 0   in reply to 

    The gatekeeper error sounds like you need to update the CM / Linux gatekeeper file with the STS.PEM exported from the SBM server.  Verify your CM setup.  https://knowledgebase.serena.com/InfoCenter/index?page=content&id=S141571

  • 0 in reply to   

    Looked over the article and found that I was grabbing the certificate from the wrong place in SBM; I was using the Tomcat certificate instead of the Security/Secure SBM/STS. That seemed to work for the Web client, now having a problem with the GUI and command line Dimensions client.... A little bit further.

  • 0 in reply to   

    We are still failing. We have followed the suggested documents. Web works, dmcli and GUI do not. Support case on critical, nothing but crickets.

  • 0 in reply to 

    With some support from Micro Focus we were able to get the PIV to work with the Dimensions Command Line DMCLI and the Desktop GUI Client, on Windows. The problem we are having now is that if we are on a Dimensions Unix machine that uses DMSYS or other non-PIV accounts, how do we get those accounts to contact SBM and have SBM fail over to a username/password system?