Hi, thank for reply.
below the extract of the file; do you see something wrong?
<!-- The welcome-file-list contains an ordered list of welcome files
elements. -->
<welcome-file-list>
<!-- The welcome-file element contains file name to use as a default
welcome file, such as index.html -->
<welcome-file>/ui/maximo.jsp?welcome=true</welcome-file>
</welcome-file-list>
<!-- -->
<security-constraint>
<web-resource-collection>
<web-resource-name>MAXIMO OSLC Provider</web-resource-name>
<description>MAXIMO OSLC Provider Security</description>
<url-pattern>/oslc/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>Roles that have access to MAXIMO OSLC</description>
<role-name>maximouser</role-name>
</auth-constraint>
<user-data-constraint>
<description>data transmission gaurantee</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>MAXIMO UI pages</web-resource-name>
<description>pages accessible by authorised users</description>
<url-pattern>/ui/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>MAXIMO UI utility pages</web-resource-name>
<description>pages accessible by authorised users</description>
<url-pattern>/webclient/utility/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>Roles that have access to MAXIMO UI</description>
<role-name>maximouser</role-name>
</auth-constraint>
<user-data-constraint>
<description>data transmission gaurantee</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!--
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MAXIMO Web Application Realm</realm-name>
</login-config>
-->
<!-- Uncomment this login-config if you want to use form authentication and make
sure the BASIC based login-config above is commented out. NOTE: You still need the
security-constraint about uncommented too.
-->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MAXIMO Web Application Realm</realm-name>
<form-login-config>
<form-login-page>/webclient/login/login.jsp?appservauth=true</form-login-page>
<form-error-page>/webclient/login/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- -->
<security-role>
<description>MAXIMO Application Users</description>
<role-name>maximouser</role-name>
</security-role>
<env-entry>
<description>Indicates whether to use Application Server security or not</description>
<env-entry-name>useAppServerSecurity</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>1</env-entry-value>
</env-entry>
------------------------------
Diego Visentin
Tempestive S.p.A.
------------------------------
Original Message:
Sent: 03-18-2022 08:34
From: Alex Walter
Subject: Application server authentication doesn't work in a Maximo/WebSphere cluster
Take a look at your web.xml file. I believe that the redirects are defined there for AD form-based authentication.
------------------------------
Alex Walter
A3J Group, LLC
Original Message:
Sent: 03-16-2022 18:43
From: Diego Visentin
Subject: Application server authentication doesn't work in a Maximo/WebSphere cluster
Hi,
I am facing a problem I have never encountered before.
I have successfully configured authentication to ActiveDirectory on a single server Maximo system. Then I did the same steps on a cluster but the Maximo login does not behave as if it were under security (the redirect goes to "login.jsp?welcome=true" instead of "login.jsp?appservauth=true").
The snoop servlet works perfectly, asking for authentication and going well with the right AD credentials.
Any idea of what I can check or how to resolve it?
PS:
I've done this configuration many times over the years, so I've already checked dozens of times for things like the useAppServerSecurity ;-)
#Infrastructure
#Security
------------------------------
Diego Visentin
Tempestive S.p.A.
------------------------------