Updated SSO / TSO Batch

Hello,

A few weeks ago I had to implement SSO for a 9.52 customer and I was faced with the warning message below.

Warning: the jks keystore uses a proprietary format. it is recommended to migrate to pkcs12

Also I wasn't able to establish SSO, so I started to search and found that with JRE Update 1.8.161 (8u161) the certificate procedure has changed. After some research and trial-and-error attempts I've updated the "KM773556 Trusted and Single SignOn using Service Manager" batches.

The customer environment has only one instance, so I haven't used tso_2nd_srvs_svlt.bat; therefore I cannot identify changes on that batch.

tso_srv_svlt.bat

line: 

%OPENSSL% req -new -key key/cakey.pem -x509 -days 1095 -out certs\mycacert.pem -config ./openssl.conf -passin pass:%ROOT_PASSWD%

to be:

%OPENSSL% req -new -key key/cakey.pem -sha256 -x509 -days 1095 -out certs\mycacert.pem -config ./openssl.conf -passin pass:%ROOT_PASSWD%

and line:

%KEYTOOL% -genkey -alias smserver -keystore key/server.keystore -storepass %SERVER_KEYSTORE_PASSWD%

to be:

%KEYTOOL% -genkey -keyalg RSA -keysize 2048 -storetype pkcs12 -alias smserver -keystore key/server.keystore -storepass %SERVER_KEYSTORE_PASSWD%

tso_cln_svlt.bat

line:

%KEYTOOL% -genkey -alias %1 -keystore key/%1.keystore -storepass %CLIENT_KEYSTORE_PASSWD%

to be:

%KEYTOOL% -genkey -keyalg RSA -keysize 2048 -storetype pkcs12 -alias %1 -keystore key/%1.keystore -storepass %CLIENT_KEYSTORE_PASSWD%

You can validate the produced "crs\servercert_request.crs" or "crs\clientcert_request.crs" at the URL below:

https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp

Regards,
Sadun
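
Added example, not part of the original post or of KM773556: a local check of the artifacts the updated tso_srv_svlt.bat produces, as an alternative to the online CSR checker. It assumes it is run from the batch's working directory with %OPENSSL%, %KEYTOOL% and %SERVER_KEYSTORE_PASSWD% set as in that batch; the file paths are the ones quoted in the post.

```bat
@echo off
rem Added example (not from KM773556). Assumes %OPENSSL%, %KEYTOOL% and
rem %SERVER_KEYSTORE_PASSWD% are already set as in tso_srv_svlt.bat.
setlocal

rem 1. CA certificate: after the -sha256 change the signature algorithm
rem    line should read sha256WithRSAEncryption.
echo --- certs\mycacert.pem
%OPENSSL% x509 -in certs\mycacert.pem -noout -text | findstr /C:"Signature Algorithm"

rem 2. Server CSR: -verify checks the request's self-signature; the filter
rem    shows the key algorithm, key size and digest.
echo --- crs\servercert_request.crs
%OPENSSL% req -in crs\servercert_request.crs -noout -verify -text | findstr /I /C:"Public" /C:"Signature Algorithm"

rem 3. Keystore entry: alias, entry type and the certificate's signature
rem    algorithm as keytool reports them.
echo --- key/server.keystore (keytool)
%KEYTOOL% -list -v -storetype pkcs12 -keystore key/server.keystore -storepass %SERVER_KEYSTORE_PASSWD% | findstr /C:"Alias name" /C:"Entry type" /C:"Signature algorithm name"

rem 4. Container format: OpenSSL only parses real PKCS#12 files, so a
rem    keystore still in JKS format fails here. OpenSSL 3.x may need
rem    -legacy added for keystores written by Java 8.
echo --- key/server.keystore (format)
%OPENSSL% pkcs12 -in key/server.keystore -noout -passin pass:%SERVER_KEYSTORE_PASSWD%
if errorlevel 1 (echo server.keystore did not parse as PKCS#12) else (echo server.keystore parsed as PKCS#12)

endlocal
```

For a client keystore, substitute crs\clientcert_request.crs, the client keystore file under key/ and %CLIENT_KEYSTORE_PASSWD%.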

  • Hello,

    After updating Java from 1.8.0_101 to 1.8.0_191, SSO stopped working with the error “Fault string, and possibly fault code, not set”.

    If you connect directly to Tomcat through port 8080, the login form appears, and after entering credentials you successfully enter SM.

    I decided to reissue the certificates (taking into account the recommendations of Sadun).

    But it was the same error “Fault string, and possibly fault code, not set” after reissuing the certificates.

    tomcat log:

    2018-11-28 11:38:58,169 ERROR [ajp-nio-8009-exec-6] [User-44d3013e8e] [com.hp.ov.sm.client.webtier.SCLogging] response:
    <Fault>
    <faultcode>SOAP-ENV:Server</faultcode>
    <faultstring>Fault string, and possibly fault code, not set</faultstring>
    <faultactor>Server</faultactor>
    </Fault>
    2018-11-28 11:38:58,169 ERROR [ajp-nio-8009-exec-6] [User-44d3013e8e] [com.hp.ov.sm.client.webtier.SCLogging] The soap fault is : SOAP-ENV:Server

    http.log:

    6248(  4012)  11/28/2018 11:38:58.101
    HttpLog: session ID has not been set yet.
      6248(  4012)  11/28/2018 11:38:58.101
    POST /SM/ui HTTP/1.1
    accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    authorization: User: User Password:******
    pragma: TrustedSignOn, requestnum="52", D62654A58998DCD546B4E6A0045EC15D
    soapaction: "getPreferences"
    connection: close
    content-type: text/xml; charset=utf-8
    cache-control: no-cache
    user-agent: Java/1.8.0_191
    host: SERVER.domain.com:13080
    content-length: 835
      6248(  4012)  11/28/2018 11:38:58.103
    HttpLog: session ID has not been set yet.
      6248(  4012)  11/28/2018 11:38:58.103
    HTTP/1.1 307

    Help me somebody please.
