8 Replies Latest reply: Apr 22, 2011 12:32 AM by 856334 RSS

    Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)

    856334
      Hi there,

      After using 4.5 for some time we started to play with 4.6-911

      The funny thing I see is that applications do not get visible on the webtop, despite beeing configured correctly. Initially it DID work (few hours before I wrote this mail)
      We are authentication against AD.
      As you can see in the debug-logs. the Webtop generator DOES get a match for a some application for this user the first time. However, the next event seems to differ.
      The netto result is that after login, this user has no application at all visible on the Webtop.
      Why these 2 concurrent events and not just 1 ?


      2011/04/19 12:52:20.858 (pid 4279) server/webtop/info #1303217540858
      The LDAP Webtop generator matched the following apps (taking 458ms)
      user: CN=John Tester,CN=Users,DC=rms,DC=mycompany,DC=com
      o=applications/cn=XP Desktop => Matched group name cn=ssccdn,cn=users,dc=rms,dc=mycompany,dc=com
      o=applications/cn=Checkpoint SmartDashboard R70 => Matched group name cn=ssccdn,cn=users,dc=rms,dc=mycompany,dc=com

      2011/04/19 12:52:20.860 (pid 4279) server/webtop/moreinfo #1303217540860
      The LDAP Webtop generator did not match the following apps
      user: CN=John Tester,CN=Users,DC=rms,DC=mycompany,DC=com


      However, when logged in as "John Tester" and pressing the "Edit" button, then "Edit Groups" you can "organise" you applications/content in groups (if you allow this)
      Logged in as John, I indeed see the application that I normally am entitled to run and I can group them but they never show up on the left pane in the browser!


      It did work today for me, 2 hours before I noticed it for the first time. I tried clearing any LDAP caches and restarting services etc, no luck...

      This does dissapoint me a bit. These are basic features that actually worked on Sun SGD4.5 and the first Oracle SGD4.6 release seems buggy on these essential features ?
      Any hints on such weird behaviour ?? Perhaps I missed out on something essential ?

      Thanks!
      Jan
        • 1. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
          DeanyDean
          Hi Jan,

          It sounds like something is going wrong after the user's webtop content is generated as the log messages you provided say that both apps are matched to the AD user. The second log line is saying that "no" apps "did not" match the user (double negative). Also, the fact that the "edit groups" page could see the apps suggests the same thing.

          Was your 4.6 server upgraded from 4.5 or is it a clean install of 4.6?

          Thanks,

          Matt

          Edited by: DeanyDean on 19-Apr-2011 15:16
          • 2. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
            856334
            Actually we tried both, upgrading from 4.5 to 4.6 as such went fine, but we face various strange issues, settings we made (for AD authentication) went forgotten etc (there are offcourse changes in the way these object are configured)

            Then we took a clone from this VM, uninstalled 4.5 cleaned up and installed the 4.6 fresh.

            Initially after installation of the 4.6 all went just fine, only after I started to create new applications and tried to login to see it it just went "empty" ....

            We also tried on different clients (XP with IE7 and a machine running Ubuntu with Firefox) -> same effect for this users

            When logging in and asking detailed info for this user (using the "Info" button, then "Detailed Diagnostics" link this seems perhaps of interest at the "About Your Desktop".


            You have started the following event listeners:
            EVL1303283373524



            You have registered interest in the following events:
            Key Event Name Handler URL Target/Method ListenerID/Connection Type
            sgd1.rms.mycompany.com:Tcc:1303283361654 Tcc sgd1.rms.mycompany.com permanent
            sgd1.rms.mycompany.com:Print:1303283373827 Print http://sgd1.mycompany.intra/sgd/webtops/standard/webtop/opt.jsp OptFrame EVL1303283373524
            sgd1.rms.mycompany.com:Restart:1303283373846 Restart http://sgd1.mycompany.intra/sgd/webtops/standard/webtop/restart.jsp _top EVL1303283373524
            sgd1.rms.mycompany.com:SessionGrabbed:1303283373682 SessionGrabbed http://sgd1.mycompany.intra/sgd/webtops/standard/webtop/session-grabbed.jsp?ENTRY_URL=/index.jsp?langSelected=en _top EVL1303283373524
            sgd1.rms.mycompany.com:WebtopStateChanged:1303283373683 WebtopStateChanged http://sgd1.mycompany.intra/sgd/webtops/standard/webtop/webtop.jsp WebtopFrame EVL1303283373524

            sgd1.rms.mycompany.com:ConnectionLost:1303283373853 ConnectionLost javascript:document.write('
            Connection Error
            The connection to your Secure Global Desktop server has been lost.

            Please restart your browser and try to log in again.

            *') _top EVL1303283373524*

            *sgd1.rms.mycompany.com:Logout:1303283373826 Logout http://sgd1.mycompany.intra/sgd/webtops/standard/webtop/logged-out.jsp?ENTRY_URL=/index.jsp?langSelected=en&TCC_STARTED=true _top EVL1303283373524* sgd1.rms.mycompany.com:WebtopContentChanged:1303283373824 WebtopContentChanged http://sgd1.mycompany.intra/sgd/webtops/standard/webtop/webtop.jsp WebtopFrame EVL1303283373524
            sgd1.rms.mycompany.com:Profile:1303283373856 Profile
            sgd1.rms.mycompany.com:EmulatorSession:1303283373825 EmulatorSession http://sgd1.mycompany.intra/sgd/webtops/standard/webtop/webtop.jsp WebtopFrame EVL1303283373524



            There are no "hard errors" in the client browser, the only thing is that the application-frame remains empty...
            • 3. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
              DeanyDean
              Are you getting any errors in the SGD tomcat log files?

              In SGD 4.60, these are located in:

              /opt/tarantella/webserver/tomcat/6.0.29_axis1.4/logs

              Matt
              • 4. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
                856334
                Hi,

                I stopped services, flushed existing files en started up...
                The moment my Webtop should start to build these lines are logged...does not say much to me, but it seems related somehow ;-)


                *2011-04-21 05:22:16 WARNING ID: 26, Fault code : Server.Exception*
                *2011-04-21 05:22:16 WARNING ID: 26, Fault string : java.lang.NullPointerException: Caught exception from SOAP method: webtopcontent->searchwebtopcontent()*
                *2011-04-21 05:22:16 INFO Exception com.tarantella.tta.webservices.TTAException*


                ...then I logged out and logged in again with another username. Exactly the same 3 error lines...
                • 5. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
                  DeanyDean
                  To figure out why you're getting this error, I need to get a bit more info out of your system. Could you perform the following steps:

                  1) In a web browser go to: <sgd-server-url>/sgd/admin/apitest
                  2) In the left hand frame, click on the webtopsession link and then on the authenticate link.
                  3) In the left hand frame, enter username and password for your user, leave client id and locale blank, press the "Call" button.
                  4) In the right hand frame, confirm the response has a scottasessioncookie attribute and that the scottasessionowner is the user you expect to be logged in as.
                  5) In the left hand frame, click on the (Top) link at the top of the page, then on the webtopcontent link, then on the searchwebtopcontent link.
                  6) In the left hand frame, click on the "Call" button.

                  In the right hand frame should be something similar to the Server.Exception you are seeing in the tomcat logs. Can you post the entire right hand frame to this thread?

                  Thanks,

                  Matt

                  Edited by: DeanyDean on 21-Apr-2011 08:59
                  • 6. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
                    856334
                    Indeed Dean...also an exception...

                    I got a session-cookie:

                    Namespace: webtopsession
                    Method: authenticate
                    Parameters


                    Request XML
                    *<Not recorded>*
                    Response XML
                    Parses (ResponseParser): OK
                    Parses (GeneralParser): OK

                    *<?xml version="1.0" encoding="UTF-8"?><tta:response xmlns:tta="http://xml.tarantella.com/2001/soapreply.xsd">*
                    *<attr name="scottasessioncookie">-2180195385926657032:sgd1.rms.mycompany.com:1303379409662:1957771471478159839:1</attr>*
                    *<attr name="isadministrator">false</attr>*
                    *<attr name="scottatheme">sco/tta/standard</attr>*
                    *<attr name="cn">TheUser</attr>*
                    *<attr name="arrayMember">sgd1.rms.mycompany.com</attr>*
                    *<obj name="serverattributes">*
                    *<attr name="scottasessionid">sgd1.rms.mycompany.com:1303379409662:1957771471478159839</attr>*
                    *<attr name="scottasessiontemplateowner">.../_ens/o=Tarantella System Objects/cn=LDAP Profile</attr>*
                    *<attr name="scottasessionowner">.../_service/sco/tta/ldapcache/CN=TheUser,CN=Users,DC=rms,DC=mycompany,DC=com</attr>*
                    *</obj>*
                    *</tta:response>*

                    ---Below the exception output after step6----



                    Namespace: webtop
                    Method: searchWebtopContent
                    Parameters

                    Admin Session Cookie: -2180195385926657032:sgd1.rms.mycompany.com:1303379409662:1957771471478159839:1
                    Searchspec: (objectclass=)*
                    Attribute: localattributes

                    Request XML
                    Unavailable
                    Fault Reported
                    Code: Server.Exception

                    String: java.lang.NullPointerException: Caught exception from SOAP method: webtopcontent->searchwebtopcontent()

                    Details(count): 1

                    java.lang.NullPointerException
                    *     at com.sco.tta.server.soapcommands.WebtopContent.getDynamicHostFromGroup(WebtopContent.java:678)*
                    *     at com.sco.tta.server.soapcommands.WebtopContent.addDynamicHost(WebtopContent.java:635)*
                    *     at com.sco.tta.server.soapcommands.WebtopContent.handleDynamicObjects(WebtopContent.java:586)*
                    *     at com.sco.tta.server.soapcommands.WebtopContent.addAttributes(WebtopContent.java:434)*
                    *     at com.sco.tta.server.soapcommands.WebtopContent.access$200(WebtopContent.java:63)*
                    *     at com.sco.tta.server.soapcommands.WebtopContent$XMLWebtop.generateXML(WebtopContent.java:1297)*
                    *     at com.sco.tta.server.soapcommands.WebtopContent.doSearch(WebtopContent.java:350)*
                    *     at com.sco.tta.server.soapcommands.WebtopContent.searchWebtopContent(WebtopContent.java:158)*
                    *     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)*
                    *     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)*
                    *     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)*
                    *     at java.lang.reflect.Method.invoke(Method.java:597)*
                    *     at com.sco.tta.server.server.soap.SOAPControlledElement.invoke(SOAPControlledElement.java:127)*
                    *     at com.sco.tta.server.server.soap.SOAPController.invoke(SOAPController.java:252)*
                    *     at com.sco.tta.server.server.soap.SOAPCalcTask.processEnvelope(SOAPCalcTask.java:249)*
                    *     at com.sco.tta.server.server.CalcTask.runTask(CalcTask.java:127)*
                    *     at com.sco.tta.server.server.Task.run(Task.java:125)*
                    *     at com.sco.cid.common.WorkerPool$Worker.run(WorkerPool.java:469)*
                    *     at java.lang.Thread.run(Thread.java:619)*
                    • 7. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
                      DeanyDean
                      I think this is caused by a dynamic application on your webtop that has an application server group assigned to it which no application server members. To resolve this issue you could either:

                      Remove the offending dynamic application from the users webtop

                      or

                      Assign an application server to the application server group that is being used by the offending dynamic application.

                      Hope this helps,

                      Matt
                      • 8. Re: Anyone seen this 4.6-911 "bug" ? (AD authentication + application mapping)
                        856334
                        Matt,

                        It sure helped! I indeed mapped several applications to "Group" items in stead of "Application Servers" directly.
                        The "TS Pool" group appeared to be empty in stead being populated with 2 Terminal Servers, hence this erratic behaviour.

                        What is a bit annoying is that besides some windows application pointing to that 'empty' "TS Pool Group" there are several other (unix) application (the defaults) wich also are affected because of this and thus not showing in the application list anymore.
                        The fact that my whole application-list dissapears because I use a "faulty" "Grouped" application seems not so normal.

                        I created something llike this (tab "Application Servers")

                        SGD Broker Dynamic Application Server
                        Tarantella server sgd1 Application Server
                        TS Pool Group
                        TS1 Application Server
                        TS2 Application Server
                        XP Pool Group
                        XP1 Application Server
                        XP2 Application Server


                        But thanks for putting me back on track here! Really appreciated !!