Solved

Enabling SSO for Custom Web Console


Userlevel 2
Badge +9

Hi Fellas,

I have 2 Web Consoles installed on my environment. We use the first installed Web Console as admin for reporting and administrative tasks. The second installed Web Console serves Endpoint users.

I used Additional Setting below to redirect to endpoint users but SSO is not working here. How can I enable SSO here?

https://documentation.commvault.com/additionalsetting/details?name=%22sCustomWebConsoleUrl%22&id=2206

Best Regards.

icon

Best answer by HolowEd 23 June 2021, 13:40

View original

15 replies

Userlevel 5
Badge +8

Hi 0ber0n, 

Web console 1 (admin) is working with SSO?

Webconsole 2  (endpoint) is not. 

Is webconsole 2 on the same domain as the users trying to access it?  

Increase the debug to 7 on the webconsole log and then try to login with the SSO.  Take a look in the log and you will see the communication for the login and may give you further information. 

Userlevel 2
Badge +9

Hi @Blaine Williams ,

When I click Web Console and Command Center button on the CommCell Console, its opened with loggedin to Web Console 1.

When I click Setting button on the Edge Monitor the SSO is not working. The log is below

 

12120 3 06/21 15:29:39 10.***.**.**   INFO  IDPSSOUtils:?:? - IDP SSO is disabled!
  1 06/21 15:34:20    INFO  LogbackConfigBase:?:? - 2 configuration properties have changed:
  1 06/21 15:34:20    INFO  LogbackConfigBase:?:? -     webconsole_DEBUGLEVEL: 7 (Integer, registry)
  1 06/21 15:34:20    INFO  LogbackConfigBase:?:? -     webconsole_DEBUGLEVEL_UNTIL: 1624887238 (Long, registry)
  1 06/21 15:34:20    DEBUG LogbackConfigBase:?:? - Logging level changed: logger ID=[webconsole], Logger name=[commvault.web], old level=[info], new level=[debug]
 12120 1 06/21 15:34:40 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /clientDetails/fsDetails.do
 12120 1 06/21 15:34:40 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 1 06/21 15:34:40 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 1 06/21 15:34:40 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 1 06/21 15:34:40 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 1 06/21 15:34:40 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 8 06/21 15:34:40 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 8 06/21 15:34:40 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 8 06/21 15:34:40 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 7 06/21 15:34:40 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /login/index.jsp
 12120 7 06/21 15:34:40 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 7 06/21 15:34:40 10.***.**.**   INFO  StatelessCookieFilter:doFilterInternal:85 - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 7 06/21 15:34:40 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 7 06/21 15:34:40 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 7 06/21 15:34:40 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 5 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /common/customTheme.do
 12120 5 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 5 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 5 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 5 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 5 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target customTheme.do
 12120 5 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target customTheme.do
 12120 3 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /bareFrameModeCss.do
 12120 3 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 3 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:isLoggedIn:603 - Logged in status : false
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target bareFrameModeCss.do
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target bareFrameModeCss.do
 12120 3 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /devModeCss.do
 12120 3 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 3 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target devModeCss.do
 12120 3 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target devModeCss.do
 12120 4 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /devModeJs.do
 12120 4 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 4 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 4 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 10 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /clientLoggingJs.do
 12120 4 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 10 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 4 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target devModeJs.do
 12120 10 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 10 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 4 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target devModeJs.do
 12120 10 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 10 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target clientLoggingJs.do
 12120 10 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target clientLoggingJs.do
 12120 1 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /getLocaleName.do
 12120 1 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 1 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 8 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /isDomainValidForSSO.do
 12120 1 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 8 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 1 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 8 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 1 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target getLocaleName.do
 12120 8 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 8 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 8 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target isDomainValidForSSO.do
 12120 1 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target getLocaleName.do
 12120 8 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target isDomainValidForSSO.do
 12120 7 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - Requestsssted path : /isIDPSSOEnabled.do
 12120 7 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - exxclude urls : [/initOpenIdAuthFlow.do, /samlAcsCallback.do, /openIdConnectCallback.do, /appstore/appStoreLoginService.do, /consoleError.do, /emailrecall/endUserSearchEnabled.do, /sandbox/make_request.jsp, /addAction, /samlAcsIdpInitCallback.do, /addVisitor, /isSessionAlive.do, /SAMLSingleLogout, /httplogupload.do, /metrics/metricsUpload.do, /mobileLogin.do, /auditLog.do, /appstore/storeconfig.do, /remoteSAMLAcsIdpInitCallback.do]
 12120 7 06/21 15:34:41 10.***.**.**   INFO  StatelessCookieFilter:?:? - landing remote url stateless : /webconsole/clientDetails/fsDetails.do?clientName=laptopclientname
 12120 7 06/21 15:34:41 10.***.**.**   DEBUG AuthProcessorFilter:?:? - Invoking auth filter *0 for pattern commvault.web.core.AuthFilter.doFilter
 12120 7 06/21 15:34:41 10.***.**.**   DEBUG AuthFilter:?:? - Logged in status : false
 12120 7 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - MainController invoked for target isIDPSSOEnabled.do
 12120 7 06/21 15:34:41 10.***.**.**   DEBUG CVCoreConfig:?:? - Unable to find the FileCacheServer registry keys.
 12120 7 06/21 15:34:41 10.***.**.**   DEBUG HttpHelper:?:? - Sending request to CommcellRedirect/RedirectListforUser?GlobalIdp=true&webconsoleURL=https%3A%2F%2Fpgarappcvw03.domain.net%3A443%2Fwebconsole:

 12120 7 06/21 15:34:41 10.***.**.**   DEBUG LocationManager:?:? -  finally location assigned for 10.***.**.**:10.***.**.**
 12120 7 06/21 15:34:41 10.***.**.**   DEBUG ServerBroker:?:? - Server Response (formatted):
<App_RedirectsForUser isRouterCommcellConfigureAsGlobalIDP="0" isCommcellRedirectEnabledOnAnyApp="0">
    <error errorMessage="SUCCESS" errorCode="0"/>
</App_RedirectsForUser>

 12120 7 06/21 15:34:41 10.***.**.**   DEBUG IDPSSOUtils:?:? - {"isClientResp":true,"data":{"isIDPSSOEnabled":false},"listData":[]}
 12120 7 06/21 15:34:41 10.***.**.**   INFO  IDPSSOUtils:?:? - IDP SSO is disabled!
 12120 7 06/21 15:34:41 10.***.**.**   DEBUG MainController:?:? - ***MainController done with no error for target isIDPSSOEnabled.do

Userlevel 2
Badge +9

anyone has any idea :see_no_evil:

Userlevel 4
Badge +11

Clicking on the webcosole link and Command Center link is not using SSO. It is transferring the token used to login to commcell console and automatically logging you into to webconsole or command center. Try accessing he admin webconsole directly without first going into commcell console are you logged in automatically.

Userlevel 2
Badge +9

Hi Edward,

 

I did as you stated, but still could not login with SSO. Is there a config that simply needs to be done?

SSO is checked under Security-Domains And Organizations.
Control Panel-EMail, Web and FTP Server-Web Server, “Configure this URL for CVAccounts SSO redirections” is checked and pointed to the 2nd WebConsole(for Endpoint).

Userlevel 4
Badge +11

@0ber0n Please follow these instructions for setting up SSO across multiple webconsoles;

https://documentation.commvault.com/commvault/v11_sp20/article?p=3683_1.htm

Userlevel 4
Badge +11

@0ber0n Upon further review this is not what you are looking to do. What this allows is once you are logged into a webconsole. if you open a webconsole session or command center session on another machine it will use the current set of credentials to log you onto those machines. This will not help with the initial SSO login to the webconsole that you are attempting.

Userlevel 2
Badge +9

Hi Edward,

I guess it's not possible to do what I'm looking for:disappointed:

Userlevel 4
Badge +11

@0ber0n Actually yes it is, SSO should work for both Commcell Console and Webconsole\Command Center. Just to touch on what @Blaine Williams asked is everyone who is accessing Webconsole\Command Center logging in from the same domain. If this is the case and the option to enable SSO is configured. Also verify from the webserver, verify that it has access to the domain controllers and that port 636 is open.

Userlevel 2
Badge +9

Hi Edward,

I checked and I can confirm that port 636 is opened from web server to domain controller and also, there is one domain, so all users, web consoles and cs using the same domain :/

Userlevel 4
Badge +11

@0ber0n If you have checked all of that and are able to log into the commcell console using SSO please open a case with support to look into this further.

Userlevel 7
Badge +23

Once you do, please share the case number so I can follow up!

Userlevel 7
Badge +23

@0ber0n , following up; did you open a case for this?  If so, share the case number with me so I can follow up accordingly.

Thanks!

Userlevel 7
Badge +23

Hey @0ber0n , I’m not seeing any case in your name.  did you get a chance to open one up?

If so, share the number (and solution if you got that far already) :nerd:

Userlevel 7
Badge +23

@0ber0n , marking this as solved, though I couldn’t find any case created.  Please reply if anything changes!

Reply