single-sign-on kerberos documentum emc webtop

Webtop 6.7 SP1 GUI missing frames after login by SSO auth


I have a terrible issue with Webtop 6.7 SP1 P12 (I have also tried testing P26) with SSO (Kerberos) login into the Webtop application.

In the user environment the web browser is IE 8.0.7601.17514 and the operating system is Windows 7. When I log in to the application (SSO authentication is successful), the resulting screen is missing some frames: [image]

Sometimes frames are not behaving like this: [image]

In this case the URL is also strangely modified (part of it was deleted).

Java (1.6.0.27) is installed correctly. I also checked the security settings in Java and IE, but I don't see any incorrect parameters here.

When I use the Firefox 3.5.19 web browser to log in to Webtop (SSO is active too), the GUI is loaded correctly with frames.

Another test of mine was under the Windows XP operating system with IE 8.0.6001.18702. The Webtop GUI works correctly.

When I tried logging in to Webtop using the IP address of the application server instead of the hostname, the GUI worked correctly. In this case SSO is off.

I tried changing the versions of Java and IE, but nothing helps.

The Wireshark network protocol analyzer captured this HTTP issue: [image]

This problem occurs for 6 users out of 100 in total.

Please, do you have any ideas for me?

Thank you so much.

Lukas


Solution

  • Investigating further, we found that the non-working users were members of 100+ AD groups, resulting in a large Kerberos token size.

    I changed the Tomcat config file "server.xml" to increase the HTTP header limit to maxHttpHeaderSize="16384".

    <Connector port="8080" maxHttpHeaderSize="16384" protocol="HTTP/1.1" ... />
    

    Here is the link to the fix:

    http://blogs.adobe.com/livecycle/2012/08/avoiding-livecycle-kerberos-based-sso-problems-for-active-directory-users-with-large-group-memberships.html
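
A way to check a server.xml against the token size a heavily grouped user can produce, as an added example that is not part of the original post or of Webtop/Tomcat. It uses Microsoft's published MaxTokenSize estimate (1200 + 40d + 8s) and Tomcat's default header limit of 8192 bytes; the 1024-byte allowance for other headers, the group counts and the sample XML are constructed assumptions.

```python
import math
import xml.etree.ElementTree as ET

TOMCAT_DEFAULT_MAX_HEADER = 8192  # Tomcat default when maxHttpHeaderSize is absent

def estimate_token_bytes(d, s):
    """Microsoft's estimate of Kerberos token size in bytes: 1200 + 40d + 8s.
    d: domain-local groups, universal groups from other domains, SID history entries
    s: global groups plus universal groups in the user's own domain"""
    return 1200 + 40 * d + 8 * s

def negotiate_header_bytes(token_bytes):
    """Size of the 'Authorization: Negotiate <base64 token>' line, CRLF included."""
    b64_len = 4 * math.ceil(token_bytes / 3)
    return len("Authorization: Negotiate ") + b64_len + 2

def check_connectors(server_xml, d, s, other_headers=1024):
    """Return (port, limit, needed, ok) for every HTTP connector in server.xml.
    other_headers is an assumed allowance for request line, cookies, etc."""
    needed = negotiate_header_bytes(estimate_token_bytes(d, s)) + other_headers
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
            continue  # AJP connectors are sized by a different attribute
        limit = int(conn.get("maxHttpHeaderSize", TOMCAT_DEFAULT_MAX_HEADER))
        results.append((conn.get("port"), limit, needed, limit >= needed))
    return results

# Constructed sample: one connector on the default limit, one with the fix applied.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8081" protocol="HTTP/1.1" maxHttpHeaderSize="16384" />
  <Connector port="8009" protocol="AJP/1.3" />
</Service></Server>"""

if __name__ == "__main__":
    # Constructed group counts: a user in 130 groups vs. a user in 15 groups.
    for label, d, s in (("heavy user", 120, 10), ("typical user", 5, 10)):
        for port, limit, needed, ok in check_connectors(SAMPLE_SERVER_XML, d, s):
            status = "ok" if ok else "TOO SMALL"
            print(f"{label}: port {port} limit={limit} needed~{needed} {status}")
```

The formula is an estimate, so treat a result close to the limit as a failure and size the connector with headroom.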