Highlighted
Absent Member.. Absent Member..
Absent Member..
2153 views

LWSSO and ucmdb_lwsso_conf.xml

Hello Experts,

 

I can't manage to configure LWSSO on UCMDB. I get the following message on log file security.lwsso:

 

<2013-08-13 14:22:11,834> [INFO ] [WrapperSimpleAppMain] - Building of configuration completed in 1469 milliseconds.
<2013-08-13 14:22:28,319> [INFO ] [WrapperSimpleAppMain] - initializing LWSSO from file [lwsso/ucmdb_lwsso_conf.xml].
<2013-08-13 14:22:31,882> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.
<2013-08-13 14:22:31,897> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.
<2013-08-13 14:22:31,897> [INFO ] [WrapperSimpleAppMain] - Building of configuration completed in 3578 milliseconds.
<2013-08-13 14:22:36,632> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.
<2013-08-13 14:22:36,694> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.

 

I tried configuring the initString through the Infrastructure configuration menu and also through JMX Console. But I keep getting the message above.

 

Whenever LWSSO is disabled I am able to login with Active Directory users which are correctly mapped to local groups and correct permissions. However, when I enable LWSSO I can only log in using the system administrator account. Every other try gives me an authentication failure message.

 

I can't find the ucmdb_lwsso_conf.xml file in any of the possible directories in the machine and I have tried creating such file in many locations but I keep getting the same message. Any help on the situation?

0 Likes
5 Replies
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: LWSSO and ucmdb_lwsso_conf.xml

Hi,

You aren't providign us with UCMDB version info, so I'd refer to latest version. Please find attached Hardening Guide for UCMDB 10.01. Please go over Chapter 6 and p.83 in chapter 7.

Please Be sure you're following the documentation during configuration.

 

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: LWSSO and ucmdb_lwsso_conf.xml

The UCMDB version is 10.00.960.

 

As a matter o fact that is the same guide I have used to try to configure LWSSO.

Following is the configuration retrieved from the mbean in the jmx console.

 

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: LWSSO and ucmdb_lwsso_conf.xml

Trusted domains is important part of configuration. It's all depend on how you address to UCMDB. In all cases other then IP you have to provide trusted domain in configuration and FQDN as URL.

 

BTW, I'd recommend you to upgrade to UCMDB 10.01 at your earliest. There are many bugs fixes in the release and Cumulative patches are coming once in a while.

Hope this helps.

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: LWSSO and ucmdb_lwsso_conf.xml

I believed that trusted domains should be used when dealing with a multi-domain environment. Which is not my case.

 

I have realized the following:

 

I have LWSSO already configured in BSM. Whenever I log in at BSM and then open the UCMDB, single sign-on works, enabling me to log in with any user in LDAP. However if I log out with that user and then try to log in again in UCMDB, I get an authentication failure.

 

bsf_security shows the following messages:


2013-08-13 15:42:10,845 [qtp197491295-210] - ValidationPoint can not redirect, since authenicationPointServer [] or authenicationPointURL [secure/authenicationPointURL.jsp] is null.

 

The parameter validation point is actually null in my configurations. Is that mandatory?

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: LWSSO and ucmdb_lwsso_conf.xml

HP has a defect opened for removing  WARN  - ValidationPoint can not redirect, since authenicationPointServer [] or authenicationPointURL  from error log.

This is not root cause...

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.