Troubleshooting single sign-on between Management Center and IBM Digital Analytics

If you encounter issues with single sign-on with , review the possible causes and the actions to take to resolve the issues.

Problem

After you configure single sign-on, business users are still prompted to log on to IBM Digital Analytics separately when you launch the IBM Digital Analytics dashboard or IBM Digital Analytics reports from Management Center.

Solution

Single sign-on issues are often related to incorrect configuration settings in the biConfig.xml file. You can view this file at the following path:

workspace_dir\crs-web\WebContent\WEB-INF\xml\config\bi\biConfig.xml


Possible causes	Actions to take
There is no secret key that is defined in the `<ssoKey>` element in the biConfig.xml file.	Follow the instructions in Configuring the secret key for single sign-on in the analytics configuration file (biConfig.xml).
The secret key that is defined in the `<ssoKey>` element in the biConfig.xml file does not match the secret key that is configured in the IBM Digital Analytics system, or IBM Digital Analytics has not configured the secret key in their system.	Check with your IBM Digital Analytics Support representative to ensure that a secret key is configured in the IBM Digital Analytics system and that it matches the secret key in your biConfig.xml file.
The business user is using an HCL Commerce user name that does not match a IBM Digital Analytics user name, and there is no mapping to a valid IBM Digital Analytics user name in the MBRATTRVAL table.	Add the required mappings by following the instructions in Mapping an HCL Commerce user name to a IBM Digital Analytics user name for single sign-on.
The mapping of the HCL Commerce user name to the IBM Digital Analytics user name is not valid in the MBRATTRVAL table, for example, the IBM Digital Analytics user name is disabled or misspelled.	Check the MBRATTRVAL table to see whether the mapping is correct: Connect to the HCL Commerce database. Issue the following SQL statement to see the current list of HCL Commerce user names that are mapped to IBM Digital Analytics user names: `SELECT LOGONID as WCSUSER, STRINGVALUE as CMUSER from MBRATTRVAL, USERREG where MBRATTRVAL.MEMBER_ID = USERREG.USERS_ID and MBRATTR_ID = (SELECT MBRATTR_ID from MBRATTR where NAME = 'CMCAnalyticsUsername');` If the mapping is not correct, you can correct the mapping by issuing the following SQL statement for a specific HCL Commerce user name: `UPDATE MBRATTRVAL set STRINGVALUE= 'newCoremetricsUsername' where MEMBER_ID = (SELECT USERS_ID from USERREG where LOGONID = 'wcsUsername') and MBRATTR_ID = (SELECT MBRATTR_ID from MBRATTR where NAME = 'CMCAnalyticsUsername');` Where: `newCoremetricsUsername` The corrected IBM Digital Analytics user name. This is the name that the business user uses to log on to IBM Digital Analytics. `wcsUsername` The HCL Commerce user name. This is the name that the business user uses to log on to Management Center. If the mapping is correct, ensure that the IBM Digital Analytics user name is mapped to the same client ID that is defined in your biConfig.xml file: Log on to the IBM Digital Analytics Admin console using an ID with administrator privileges. In the left pane, click Members - Full List. For the specific user name, check whether the associated client ID matches the client ID defined in your biConfig.xml file in the `<clientId>` element. If not, you can use the IBM Digital Analytics Admin console to grant this user access to the defined client ID.
The IBM Digital Analytics client ID defined in the biConfig.xml file in the `<clientId>` element is either not valid or empty.	Correct the client ID in the biConfig.xml file and redeploy the file.

Business users can be prompted to log on to IBM Digital Analytics separately if the timestamp in the IBM Digital Analytics request URL is stale. Typically, this would happen if a business user accessed IBM Digital Analytics through Management Center, bookmarked the URL, and then tried to use the bookmark after the configured amount of time has passed. The timestamp validation is included for security reasons. If you suspect an incorrect timestamp issue, make sure that the system clock and the time zone are set up correctly on the HCL Commerce server.