Idea ID: 2751934

Does anyone have a running idmService (SAML - standalone) installation?

Status : Declined
over 1 year ago

My following configuration:

Last version Tomcat 9.0.20
idmService version shipped with SM 9.61
Service Manager 9.60
All 19 tasks of the MF Guide are done. idmService also boots cleanly (https://docs.microfocus.com/SM/9.60/Codeless/Content/security/tasks/idm_install_idm_service.htm).

But when I call the SM Webtier I get the following entry in the idmService Log:

2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] WARN com.hp.ccue.identity.hpsso.HpSsoValidator - HP SSO authentication failed: [VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login]: initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] WARN com.hp.ccue.identity.hpssoImpl.validators.ValidatorsInvoker - VALIDATION: ValidatorsInvoker:runValidators - Validator HP SSO 2.0 Validator finished running with status Status: ID=4dgPBlYE VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] INFO com.hp.ccue.identity.hpssoImpl.api.HpSsoFilter - VALIDATION: Finished HpSsoFilter validations. result: Status: ID=4dgPBlYE VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] INFO com.hp.ccue.identity.hpssoImpl.api.HpSsoFilter - VALIDATION: Finished HpSsoFilter validations (SSO not passed).

 

I'm happy to hear from you. So far MF Support has not been able to help me in this matter.
Again, it is NO SMAX Portal installation. It is a standalone installation, the idmService should activate SAML. And YES...I have already searched the internet a hundred times for the displayed error messages. Unfortunately without success.

Labels:

SMA-SM
Parents
  •  

    Thank you for the hint. Meanwhile it is upgraded to 9.61 incl. RAD Application. But unfortunately the same issue. I get no HP SSO cookie. I have no clue anymore.

    Maybe, the ADFS service is in a cloud with a different domain than other installations (idmService, SM webtier etc.). I have already pointed this out to support several times. But so far nothing useful has come of it.
    Unfortunately I can only specify one domain in the "hpssoConfig.xml" under:

    <creation tokenGlobalTimeout="480" tokenIdleTimeout="30" secureHTTPCookie="false">
      <!-- lwsso is required -->
      <lwsso>
        <!-- domain is required HPSSO 1.0 version supports a single domain only. All servers using HPSSO should have the same domain and it should be denoted in this tag -->
        <creationDomains>
          <!-- for development environments only! -->
          <domain>mydomain.com</domain>
        </creationDomains>
      </lwsso>
    </creation>

    It is really very confusing because in "Task 4 - Configure SAML SSO" the following is said:

    "Note All components that participate in SAML except the SM Server (the IdM service, SM web tier, SRC, and Mobility Client) must be in the same domain, because HP SSO cookies are domain-specific."

     Thank you
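
The note quoted above says HP SSO cookies are domain-specific. The following is an added example, not part of the original post and not product code: it reads the `<creationDomains>` value from an hpssoConfig.xml fragment and checks each participating component's hostname against it. It assumes the cookie follows the standard RFC 6265 domain-match rule; the hostnames and the trimmed config are constructed samples.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mirroring the <creation> fragment quoted in the post.
HPSSO_CONFIG = """<creation tokenGlobalTimeout="480" tokenIdleTimeout="30" secureHTTPCookie="false">
  <lwsso><creationDomains><domain>mydomain.com</domain></creationDomains></lwsso>
</creation>"""

# Constructed hostnames (assumptions), one per component named in the doc note.
COMPONENT_HOSTS = {
    "IdM service": "idm01.mydomain.com",
    "SM web tier": "smweb01.mydomain.com",
    "SRC": "src01.corp.example.net",
    "Mobility Client": "192.0.2.10",
}

def creation_domains(config_xml):
    """Return the <domain> values under <creationDomains>, lower-cased."""
    found = ET.fromstring(config_xml).findall(".//creationDomains/domain")
    return [d.text.strip().lower().lstrip(".")
            for d in found if d.text and d.text.strip()]

def is_ip(host):
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_matches(host, cookie_domain):
    """RFC 6265 section 5.1.3: identical, or a dot-separated suffix of a host name."""
    host = host.lower().rstrip(".")
    if host == cookie_domain:
        return True
    # Suffix matching applies to host names only, never to IP literals.
    return not is_ip(host) and host.endswith("." + cookie_domain)

def check_components(config_xml, hosts):
    """Map each component to True if its host is covered by a creation domain."""
    domains = creation_domains(config_xml)
    return {name: any(domain_matches(h, d) for d in domains)
            for name, h in hosts.items()}

if __name__ == "__main__":
    for name, ok in check_components(HPSSO_CONFIG, COMPONENT_HOSTS).items():
        print(f"{name:16} {'in cookie domain' if ok else 'outside cookie domain'}")
```

A component reported as outside the cookie domain will not receive the cookie from the browser, which is consistent with the "no SSO cookie on request" status in the log.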
