An external system(for example, SSO module set up as in documentation) tries to register a session in OA using one of the following links:
http://<UI IP>:8080/servlet/Sessions?event=login&user=<USERNAME>&password=<PASSWORD> http://cp.brand01.com/servlet/Sessions\?event=login&login=<USERNAME>&password=<PASSWORD>&session_id=000001
Or via secret:
http://<UI IP>:8080/servlet/Sessions?event=login&user=<USERNAME>&secret=<PASSWORD> http://cp.brand01.com/servlet/Sessions\?event=login&login=<USERNAME>&secret=<SECRET>&session_id=000001
403 - ERROR:javax.servlet.ServletException: Can't login
Login and password are valid.
Customers attached to brands can login using their branded URL only. This is default behavior, but can be changed for enabling some special integration with external systems which do not operate with OA brands.
To enable login from different brands, one should add the following string:
In OA 6.0 this line should be added to the following file:
In OA 7.0 service 'pau' is responsible for OA UI, so in OA 7.0 this line should be added in the following file:
When aforementioned modifications would be applied please restart OA UI on the OA UI host:
For OA 6.0:
For OA 7.0 (please check this KB Article for additional details regarding services restart in OA 7.0):
In case UI is running on NG cluster, this modification has to be made on all nodes of the cluster.
Note: the correct way to add this line would be on a new line, without indentation, e.g.:
client.include.resources = rc.ve_backup.diskspace, rc.ve_backup.management, \ ... winmedia_ondemand_points allow.login.from.different.brand=yes
Note: It is not recommended to keep this parameter in
/usr/local/pem/ui/WEB-INF/conf/TurbineResources.properties - this file may be overwritten during updates.