Troubleshooting integrated login issues with users originating from multiple domains
Posted: Sat Oct 30, 2021 6:57 am
At some clients users connect from multiple domains.
Typically all that is needed is an update on the UNIQUEID to have the relevant domain included there. Sometimes however some users cannot connect and you need to try trace which domain TM1 is actually seeing them originate from.
Up until now this has been impossible, for me at any rate, until I found a logger option for SSPISecurity.
Add TM1.SSPISecurity (Windows - Security Support Provider Interface) as a logger in the TM1S-Log.properties e.g.:
Results should give you detail about the user's identity:
Also worthwhile pointing out that if you are troubleshooting for TM1 Web, the STDOut log in tm1_64\logs may have some insights in terms of failure status codes e.g. KrbException, status code: 18 message: Clients credentials have been revoked.
Typically all that is needed is an update on the UNIQUEID to have the relevant domain included there. Sometimes however some users cannot connect and you need to try trace which domain TM1 is actually seeing them originate from.
Up until now this has been impossible, for me at any rate, until I found a logger option for SSPISecurity.
Add TM1.SSPISecurity (Windows - Security Support Provider Interface) as a logger in the TM1S-Log.properties e.g.:
Code: Select all
log4j.logger.TM1.SSPISecurity=DEBUG, LOGGER
log4j.appender.LOGGER=org.apache.log4j.SharedMemoryAppender
log4j.appender.LOGGER.MemorySize=5 MB
log4j.appender.LOGGER.File=c:/temp/temp/tm1logger.txt
log4j.appender.LOGGER.MaxFileSize=5 MB
log4j.appender.LOGGER.MaxBackupIndex=5
log4j.appender.LOGGER.Timezone=Local