Guest

Preview Tool

Cisco Bug: CSCur59157 - EC has SSO turned on after ECS upgrade but it not functioning correctly

Last Modified

Jun 08, 2017

Products (1)

  • Headend System Releases

Known Affected Releases

ecs-2.0-13

Description (partial)

Symptom:
Upgraded to ECS2.0-13 from ECS2.0-10. Prior to the upgrade the two EC's which were registered, were unregistered and SSO turned off. Upon completion of the upgrade, the two EC's were regionalized and SSO turned on. However SSO was not functioning because the EC login credentials were always needed for access the EC and the SAIdncs.auth file continues to point to /etc/apache2/user-conf/SAIdncs.auth.auth_digest instead of /etc/apache2/user-conf/SAIdncs.auth_sso. Also Getting ?No file found? when selecting ?Data File URL ? link after Export from EC operation is performed.
The SAIdncs.auth details are listed below.

<Location ~ "/(dncs|appserv|sareports|cgi-bin)/(?!(soap|mgr))">
        Order Allow,Deny
        Allow from All
        AuthType Digest
        AuthName "Cisco DNCS"
        AuthDigestDomain /dncs/ /appserv/ /sareports/
        AuthDigestProvider file
        AuthUserFile /etc/apache2/user-conf/SAIdncs.digest
        Require valid-user
        Satisfy all
    </Location>

    <Location ~ "/(dncs|appserv)/soap/">
        Order Deny,Allow
        Deny from All
        Allow from localhost
        Allow from dncs austin
        Satisfy any
    </Location>

    <Location /dncs/mgr/>
        Order Deny,Allow
        Deny from All
        Allow from localhost
        Allow from dncs austin
        Satisfy any
 ErrorDocument 403 "<html><head><title>Error 403</title></head><body><h2>SECURITY WARNING</h2>Web connections to /dncs/mgr/ location are not allowed.</body></html>"
    </Location>

Conditions:
Upgraded to ECS2.0-13 from ECS2.0-10. Prior to the upgrade the two EC's which were registered, were unregistered and SSO turned off. Upon completion of the upgrade, the two EC's were regionalized and SSO turned on. However SSO was not functioning because the EC login credentials were always needed for access the EC and the SAIdncs.auth file continues to point to /etc/apache2/user-conf/SAIdncs.auth.auth_digest instead of /etc/apache2/user-conf/SAIdncs.auth_sso. Also Getting ?No file found? when selecting ?Data File URL ? link after Export from EC operation is performed.

The SAIdncs.auth details are listed below.

<Location ~ "/(dncs|appserv|sareports|cgi-bin)/(?!(soap|mgr))">
        Order Allow,Deny
        Allow from All
        AuthType Digest
        AuthName "Cisco DNCS"
        AuthDigestDomain /dncs/ /appserv/ /sareports/
        AuthDigestProvider file
        AuthUserFile /etc/apache2/user-conf/SAIdncs.digest
        Require valid-user
        Satisfy all
    </Location>

    <Location ~ "/(dncs|appserv)/soap/">
        Order Deny,Allow
        Deny from All
        Allow from localhost
        Allow from dncs austin
        Satisfy any
    </Location>

    <Location /dncs/mgr/>
        Order Deny,Allow
        Deny from All
        Allow from localhost
        Allow from dncs austin
        Satisfy any
 ErrorDocument 403 "<html><head><title>Error 403</title></head><body><h2>SECURITY WARNING</h2>Web connections to /dncs/mgr/ location are not allowed.</body></html>"
    </Location>
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.