Clarity

Hi All,

I had faced issues logging into XOG client from 13.3 and raised a question here which was resolved.

XOG Client - OnDemand App

Now, the Ondemand environment is SSO Enabled. So again i am facing the same Login issue as discussed in the above post.

Here is the property file input i am using,

servername=***.ondemand.ca.com

portnumber=443

sslenabled=true

fipsenabled=false

output=out.xml

username=YYY

password=ZZZ

input=../xml/groups_read.xml

Output is: XOG Invoke Failed.

Note: There is no proxy. I am connecting from my home.

The credentials used are correct. As SSO is enabled in the application now the login page is "ondemand.ca.com" which redirects to ***.ondemand.ca.com

i tried using both URL. also tried pinging the server and took the IP and replaced in the servername and tried.(Request got timed out but we get the IP)

All gives the same error.

Anyone working in similar setup?

Thanks,

Aishwarya

Have you tried using a xog user with the External Authentication unchecked (on the admin side), and having all the necessary xog rights ?

I would suggest to refrain from using personal accounts.

NJ

Hi,

Because you are using SSO now, you will need to request vpn access from the OD Team.  Just open a case with On Demand for this.

Once you are logged into the vpn, you should be able to xog successfully.

NOTE:  If the external authentication option at the bottom of the resource's page on the admin side is checked, you will use the same password that you use to log into Clarity.  However, if that option is unchecked, you will need to set a password in Clarity and then use the Clarity password for xogging.

Sincerely yours,

Jeanne Gaskill

Senior Support Engineer - Clarity

CA Technologies

Thanks Jeanne for the detailed response

Thanks Jeanne

NJ

I realise this thread has been dormant a while, but I came across it whilst searching for something and since others may also find it similarly, I wanted to clarify something.

SSO in OnDemand environments (whether they are portal SSO or federated) do not require vpn access for XOG and web service calls.  If there are problems, they may well need to be involved for understanding or resolving what those problems are, but generally speaking the SSO doesn't block access to logging in otherwise other non-SSO apps (OWB, MSP, MTM) also would not work without VPN, and that isn't the case.

One of the main issues that typically occurs is that SSO users are oblivious to the need to maintain passwords on the Clarity / OnDemand side of things.

Whether the password is being authenticated in Clarity for the XOG user, or authenticated by the same LDAP password that the OnDemand portal is using, the password needs to fulfil the criteria of any password requirements (minimum lengths, etc.) and must not have expired.  You also need to know what that password is set to, obviously, since the Clarity password (when not using External Authentication) won't be synched with the LDAP/SSO one.

You also cannot un-expire (by changing) a password through XOG and so it just appears to fail to login when this happens, sometimes with no apparent way to reset the expired flag.  To remove the expired flag for a user that doesn't have External Authentication enabled requires logging into Clarity's web UI as that user and being challenged with the Old Password / New Password / Confirm New Password change prompt - which for an SSO enabled environment, you probably don't have access to do unless you also have a non-SSO enabled app server you can reach.

If you are not using Federated SSO but do use the OnDemand portal, your best option (probably) is to have your XOG users in Clarity be setup to use External Authentication and just make sure you are aware of any password changes made for these users on the portal.

As a topic, it does provide some challenges (and not every environment is the same so the answer can vary), however it's not a problem that VPN access typically assists in resolving or negates; so you should only get VPN for some other reason that definitely needs it.

Hi,

I'm facing the same issue with our 14.2 On-Demand CA PPM Installation (SSL). I'm trying to connect from my PC (Windows) to xog client, with the following steps:

1) Add Java JDK 7 folder to JAVA_HOME and JAVA_HOME/bin to PATH.

2) Go to xogclient\bin and execute "xog -sslenabled true"

3) login admin/password@***.ondemand.ca.com:443

The response is:

XOG Invoke Failed

Connection timed out: connect

Can anyone give me a hand with this issue?

Regards,

Marc

Do you know if you require a proxy configuration to connect to external (internet) sites?

If so, you may have a setup for that already in your browser, but as the XOG Client runs inside a Java JVM you would possibly also need to setup proxy parameters for XOG as well.

References to check:

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1824899.aspx

Xog through Proxy Server

Thank you so much Nick. I finally made it work editing the xog.bat file and adding "-DproxySet=true -Dhttps.proxyHost="URL" -Dhttps.proxyPort="PORT"-Dhttps.proxyUser="USER"-Dhttps.proxyPassword="PASSWORD" " into PROGRAM_ARGS line.