9 Replies Latest reply: Feb 11, 2008 10:47 AM by 807581 RSS

    Integrating with SiteMinder

    807581
      Hi,

      We are trying to integrate our Forte UDS web application with SiteMinder for user authentication. When SiteMinder is enabled and we run the EnableAccess method to register the web access service we get the following error:

      SYSTEM ERROR: This object is already open for I/O and cannot be opened again.

      How-ever, if SiteMinder is disabled, the Forte web component enabled, SiteMinder can then be enabled and works as expected. It appears that SiteMinder listening on the ports causes a problem for the EnableAccess method.

      I would appreciate any suggestions on how to resolve this.
      Thanks!
        • 1. Re: Integrating with SiteMinder
          807581
          Can you post more detail on what your are trying to do? I remember having SiteMinder and UDS Web application running in the same network and they worked find.

          ka
          • 2. Re: Integrating with SiteMinder
            807581
            Hi,

            We want to protect a web application (accessed over http) with SiteMinder, but if we try to start up the UDS web application with SiteMinder enabled we get the error message ("This object is already open for I/O and cannot be opened again."). This occurrs when we run the EnableAccess method on the base HTTPAccess object. Our workaround is to enable the web application first, and then bring up the web server again with SiteMinder enabled.

            Any help on how to be able to start up the web application (using the EnableAccess method) while SiteMinder is enabled would be appreciated.

            Thanks, F.
            • 3. Re: Integrating with SiteMinder
              807581
              Is SiteMinder and UDS on the same box? Are they sharing the same port? SiteMinder is suppose to be on another box and all your proxy on IE set to go through SiteMider. Thats how we had it in the past. Can you please clarify on how this is setup?

              thanks
              ka
              • 4. Re: Integrating with SiteMinder
                807581
                The SiteMinder policy server is installed on one box, with a plugin for the web server (to allow the web server to communicate with the policy server) and UDS on another box. Were you able to enable your web component while SiteMinder was enabled?

                Thanks, F.
                • 5. Re: Integrating with SiteMinder
                  807581
                  Yes we where able to make this work fine. Not sure why if UDS is on another box the you would get the error unless SiteMinder is listning on the port UDS is trying to use. Can you please post the actual exception?

                  ka
                  • 6. Re: Integrating with SiteMinder
                    807581
                    Hi,
                    I get the following error when I try to run DisableAccess on the web component and SiteMinder is enabled (and similarly with EnableAccess).
                    Thanks for your help, F.

                    Loaded Forte Message Catalog 'fortemsg/en_us.cat'
                    NLM Startup is Complete - Partition's Locale is 'en_us.iso'
                    SecurityManager Using: Enhanced-High-Security
                    There is no manager active for node carrick.
                    TG_AccessMgrStarter.Main
                    mApplicationNametd = TG_WebDocAccess_cl0
                    mAgentNametd = TG_DocAccessMgr
                    mServiceNametd = (nil)
                    mPortint = 0
                    mStartuptd = disable
                    mForteCGItd = (nil)
                    mForteNSAPItd = (nil)
                    ERROR: Exiting due to following exception:

                    SYSTEM ERROR: This object is already open for I/O and cannot be opened again.
                    Class: qqsp_UsageException
                    Error #: [501, 241]
                    Detected at: qqcm_ExternalConnection::Open at 2
                    Error Time: Fri Feb 8 10:34:40
                    Distributed method called: qqsm_AgentProxy.ExecuteCommand!54 (object name
                    Unnamed) from partition "TG_WebAccessMgr_cl0_Client", (partitionId =
                    11595940-D4A8-11DC-B2BC-6C508ABDBC77:0x817, taskId =
                    [11595940-D4A8-11DC-B2BC-6C508ABDBC77:0x817.3]) in application
                    "TG_WebAccessMgr_cl0", pid 294735 on node carrick in environment dev_env
                    Exception occurred (remotely) on partition
                    "TG_WebDocAccess_cl0_Part5", (partitionId =
                    11595940-D4A8-11DC-B2BC-6C508ABDBC77:0x735, taskId =
                    [11595940-D4A8-11DC-B2BC-6C508ABDBC77:0x817.7]) in application
                    "TG_WebDocAccess_cl0", pid 339481 on node TGServer1 in
                    environment dev_env.
                    • 7. Re: Integrating with SiteMinder
                      807581
                      I remember having this kind of error a while back. What version of UDS are you running?

                      This is how I have my code to enable or disable:

                      if self.enabled then
                           self.XMLAccessService.setExecURL(self.ExecURL);
                           self.XMLAccessService.enableAccess(
                                                    serviceName = self.serviceName,
                                                    servicePort = self.servicePort
                                                    );

                      else
                           self.XMLAccessService.disableAccess();
                           self.XMLAccessService.preStart();
                      end if;

                      ka
                      • 8. Re: Integrating with SiteMinder
                        807581
                        Hi,

                        We're using UDS Version 5.2.26.

                        When calling our EnableAccess method we pass the URLForForteCGI and the pluginURL parameters. I think this means you're using manual registration and so have edited your fortecgi.dat file to register the source? Do you think this difference may explain why you are not getting the error we see?

                        Thanks, F.
                        • 9. Re: Integrating with SiteMinder
                          807581
                          You are correct. I just remembered that automatically registering did not work properly so we did it manually.

                          ka