Idea ID: 2751934

Does anyone have a running idmService (SAML - standalone) installation?

Status : Declined
over 1 year ago

My following configuration:

Last version Tomcat 9.0.20
idmService version shipped with SM 9.61
Service Manager 9.60
All 19 tasks of the MF Guide are done. idmService also boots cleanly (https://docs.microfocus.com/SM/9.60/Codeless/Content/security/tasks/idm_install_idm_service.htm).

But when I call the SM Webtier I get the following entry in the idmService Log:

2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] WARN com.hp.ccue.identity.hpsso.HpSsoValidator - HP SSO authentication failed: [VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login]: initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] WARN com.hp.ccue.identity.hpssoImpl.validators.ValidatorsInvoker - VALIDATION: ValidatorsInvoker:runValidators - Validator HP SSO 2.0 Validator finished running with status Status: ID=4dgPBlYE VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] INFO com.hp.ccue.identity.hpssoImpl.api.HpSsoFilter - VALIDATION: Finished HpSsoFilter validations. result: Status: ID=4dgPBlYE VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] INFO com.hp.ccue.identity.hpssoImpl.api.HpSsoFilter - VALIDATION: Finished HpSsoFilter validations (SSO not passed).

 

I'm happy to hear from you. So far MF Support has not been able to help me in this matter.
Again, it is NO SMAX Portal installation. It is a standalone installation, the idmService should activate SAML. And YES...I have already searched the internet a hundred times for the displayed error messages. Unfortunately without success.

  •    

    IDEA EXCHANGE is not a good place to discuss and solve configuration problems like this one. You said you had a support case open before. Can you please provide the support case ID, and we will follow up from there?

    Thank you.

    Yolanda

  •  

    Thank you for the hint. Meanwhile it has been upgraded to 9.61, incl. the RAD application. But unfortunately the issue is the same: I get no HP SSO cookie. I have no clue anymore.

    Maybe, the ADFS service is in a cloud with a different domain than other installations (idMService, SM webtier etc.).  I have already told or pointed this out to the support several times. But so far nothing useful came. 
    Unfortunately I can only specify one domain in the "hpssoConfig.xml" under 

    <creation tokenGlobalTimeout="480" tokenIdleTimeout="30" secureHTTPCookie="false">
        <!-- lwsso is required -->
        <lwsso>
            <!-- domain is required
                 HPSSO 1.0 version supports a single domain only.
                 All servers using HPSSO should have the same domain
                 and it should be denoted in this tag -->
            <creationDomains>
                <!-- for development environments only! -->
                <domain>mydomain.com</domain>
            </creationDomains>
        </lwsso>
    </creation>

     

    It is really very confusing because in "Task 4 - Configure SAML SSO" the following is said:

    "Note All components that participate in SAML except the SM Server (the IdM service, SM web tier, SRC, and Mobility Client) must be in the same domain, because HP SSO cookies are domain-specific."

     Thank you
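
The same-domain requirement quoted from Task 4 can be checked mechanically. The following is an added example, not part of the original post or of the product: it parses the `<creation>` fragment posted above and tests each component host against the creation domain using the browser's cookie domain-match rule. The host names are constructed, and the reading of `secureHTTPCookie` as the cookie's Secure attribute is an assumption based on its name.

```python
import ipaddress
import xml.etree.ElementTree as ET

# <creation> fragment as posted in the thread (mydomain.com is the poster's placeholder).
HPSSO_FRAGMENT = """
<creation tokenGlobalTimeout="480" tokenIdleTimeout="30" secureHTTPCookie="false">
  <lwsso>
    <creationDomains>
      <domain>mydomain.com</domain>
    </creationDomains>
  </lwsso>
</creation>
"""

# Constructed host names for the components named in the Task 4 note.
SAMPLE_HOSTS = {
    "IdM service": "idm01.mydomain.com",
    "SM web tier": "smweb01.mydomain.com",
    "SRC": "src01.notmydomain.com",   # similar suffix, but a different domain
    "Mobility Client": "10.0.0.15",   # reached by IP address
}

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match: identical name, or a subdomain that is not an IP."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip().lstrip(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False                  # an IP address never matches a domain suffix
    except ValueError:
        return host.endswith("." + cookie_domain)

def check_creation(xml_text, component_hosts):
    """Return (findings, {component: in_domain}) for a <creation> fragment."""
    root = ET.fromstring(xml_text)
    domains = [d.text.strip() for d in root.findall("./lwsso/creationDomains/domain") if d.text]
    findings = []
    # Assumption: secureHTTPCookie controls the cookie's Secure attribute.
    if root.get("secureHTTPCookie", "").lower() != "true":
        findings.append("secureHTTPCookie is not 'true'")
    results = {}
    for name, host in component_hosts.items():
        results[name] = any(domain_match(host, d) for d in domains)
        if not results[name]:
            findings.append(f"{name} ({host}) is outside creation domain(s) {domains}")
    return findings, results
```

Calling `check_creation(HPSSO_FRAGMENT, SAMPLE_HOSTS)` returns one finding per host that the browser would not send the cookie to, plus the `secureHTTPCookie` finding.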

  •   It seems the customer is using SM9.60 to connect with IDM Service released with 9.61. Can you please confirm the version info? If this is true, this combination is not supported.

    Please upgrade SM (at least both Server and Client) to SM9.61 and then connect with iDM Service 9.61. 

    Also can you please provide the support case you opened, we will see how to proceed next.

  •  We've had a support case open for weeks. And nobody from MF is able to solve our problem, although the customer pays for so-called premium support. This is definitely not the premium support that is being provided.
    So now I want to know if there is anyone who successfully runs the idMService STANDALONE version. Someone outside of MF. Our patience is at an end.

  •  Could you please ask support to elevate the support case to CORE CPE for further investigation?