Solutions

CM/SDA/SRA/SDA/RLM: Error "SSO Gatekeeper error has occurred: Error obtaining security token. Validation of WS-Federation token failed with code 40:Token issuer not allowed"



ID:    S140637
Published:    30 July 2014
Updated:    17 November 2016

Operating System(s)

  • All Windows

Product(s)

  • Deployment Automation
  • Development Manager
  • Dimensions CM
  • Release Automation
  • Release Control
  • Release Manager
 

Description

If when attempting to log on to a Serena product using single sign-on (SSO), such as the Serena ALM Configurator or the Serena Deployment Automation user interface, you receive the following error, you must update your SSO STS certificates.

ALF SSO Gatekeeper error has occurred: Error obtaining security token.

Detail

Validation of WS-Federation token failed with code 40:Token issuer not allowed.

Note: Serena Release Automation was renamed to Serena Deployment Automation in version 5.1.2

Resolution

To update your SSO STS certificates:

On the server where SBM is installed:

If you are using SBM 10.1.1.4+:

  1. Start SBM Configurator and navigate to Security | Secure SBM | Trust Keys | STS.
     
  2. Under Actions, select Export Certificate to export the certificate. Save this as a .pem file (for example to C:\Temp\sts.pem)

On each machine where the Serena Common Tomcat is installed:

  1. Stop Tomcat.
     
  2. Copy the sts.pem file to that machine (for example to C:\Temp\sts.pem)
     
  3. Under the folder where the common Tomcat is installed, make a backup of the truststore.jks file. The default location for this file is:

    Deployment Automation / Release Automation / Release Manager:

       For RLM 4.x: C:\Program Files\Common\tomcat\6.0\alfssogatekeeper\conf\truststore.jks
       For SRA 5.x: C:\Program Files\Common\tomcat\7.0\alfssogatekeeper\conf\truststore.jks
       For SDA 6.x: C:\Program Files\Serena\common\tomcat\8.0\alfssogatekeeper\conf\truststore.jks


    Dimensions:

       For Dimensions 12.2.x:  C:\Program Files\Serena\Dimensions 12.2\Common Tools\tomcat\6.0\alfssogatekeeper\conf\truststore.jks
       For Dimensions 14.1.x:  C:\Program Files\Serena\common\tomcat\7.0\alfssogatekeeper\conf\truststore.jks
       For Dimensions 14.2.x:  C:\Program Files\Serena\common\tomcat\8.0\alfssogatekeeper\conf\truststore.jks
     
  4. Under the same Common Tools or Common folder, Open a command prompt and navigate to \jre\6.0\bin (or \jre\7.0\bin or \jre\8.0\bin).
     
  5. Delete the existing STS certificate, using the following command. Enter the default password changeit when prompted.

    Deployment Automation / Release Automation / Release Manager:

       For RLM 4.x: keytool -delete -keystore "C:\Program Files\Common\tomcat\6.0\alfssogatekeeper\conf\truststore.jks" -alias sts
       For SRA 5.x: keytool -delete -keystore "C:\Program Files\Common\tomcat\7.0\alfssogatekeeper\conf\truststore.jks" -alias sts
       For SDA 6.x: keytool -delete -keystore "C:\Program Files\Serena\common\tomcat\8.0\alfssogatekeeper\conf\truststore.jks" -alias sts


    Dimensions (depending on the version of Dimensions):

       keytool -delete -keystore "C:\Program Files\Serena\Dimensions 12.2\Common Tools\tomcat\6.0\alfssogatekeeper\conf\truststore.jks" -alias sts
       keytool -delete -keystore "C:\Program Files\Serena\common\tomcat\7.0\alfssogatekeeper\conf\truststore.jks" -alias sts
       keytool -delete -keystore "C:\Program Files\Serena\common\tomcat\8.0\alfssogatekeeper\conf\truststore.jks" -alias sts

     
  6. Import the new certificate C:\Temp\sts.pem file into truststore.jks using the following command. Enter the default password changeit when prompted.

    Deployment Automation / Release Automation / Release Manager:

        For RLM 4.x: keytool -import -keystore "C:\Program Files\Common\tomcat\6.0\alfssogatekeeper\conf\truststore.jks" -file "C:\temp\sts.pem" -alias sts
        For SRA 5.x: keytool -import -keystore "C:\Program Files\Common\tomcat\7.0\alfssogatekeeper\conf\truststore.jks" -file "C:\temp\sts.pem" -alias sts
        For SDA 6.x: keytool -import -keystore "C:\Program Files\Serena\common\tomcat\8.0\alfssogatekeeper\conf\truststore.jks" -file "C:\temp\sts.pem" -alias sts


    Dimensions (depending on the version of Dimensions):

        keytool -import -keystore "C:\Program Files\Serena\Dimensions 12.2\Common Tools\tomcat\6.0\alfssogatekeeper\conf\truststore.jks" -file "C:\temp\sts.pem" -alias sts
        keytool -import -keystore "C:\Program Files\Serena\common\tomcat\7.0\alfssogatekeeper\conf\truststore.jks" -file "C:\temp\sts.pem" -alias sts
        keytool -import -keystore "C:\Program Files\Serena\common\tomcat\8.0\alfssogatekeeper\conf\truststore.jks" -file "C:\temp\sts.pem" -alias sts

     
  7. After entering the password changeit, when prompted with Trust this certificate? [no]:, reply Y.
     
  8. Restart Tomcat.

If this is the Dimensions CM Server, also do the following:

  1. Stop the Dimensions Listener service
     
  2. Create a backup of sts.pem file which is located in the following location:
    For Dimensions 12.2.x:  C:\Program Files\Serena\Dimensions 12.2\CM\dfs\sts.pem
    For Dimensions 14.1.x:  C:\Program Files\Serena\Dimensions 14.1\CM\dfs\sts.pem
    For Dimensions 14.2.x:  C:\Program Files\Serena\Dimensions 14.2\CM\dfs\sts.pem
  3. Copy the file C:\Temp\sts.pem to
    For Dimensions 12.2.x:  C:\Program Files\Serena\Dimensions 12.2\CM\dfs\sts.pem
    For Dimensions 14.1.x:  C:\Program Files\Serena\Dimensions 14.1\CM\dfs\sts.pem
    For Dimensions 14.2.x:  C:\Program Files\Serena\Dimensions 14.2\CM\dfs\sts.pem
  4. Restart the Dimensions Listener service.

 


Rate this Solution

Find Answers

Type a question or describe what you are looking for below

My Recent Searches

Welcome kb sso

Additional Assistance

  • Submit a Case Online
  • FAQs