Highlighted
Honored Contributor.
Honored Contributor.
721 views

Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

I have downloaded the local client and configured it per the documentation.

When I try to connect I get a failed to connect.  The URL is wrong.

I have client authentication configured.  The URL has https://<UCMDB Server>:8444/ucmdb-ui/login_page.jsp.  However, our URL has /ucmdb-ui/applet/applet.jsp.  I put that part into the context in the configuration.  It takes it, but appends the /ucmdb-ui/login_page.jsp.

Is there a way to get a differet URL to connect?  I set the target env to CMS.  The documentation doesn't indicate when each is option is used.

Thanks,

Mel

Labels (2)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

Mel,

From your explanation it appears you have configured CAC/PKI authentication on port 8444, which is still not supported by the Local Client. You are using Internet Explorer SSL store to authenticate and that's why you don't see the login screen. But what if you connect to Chrome incognito mode or Firefox using port 8443? You should be then seeing the login screen?

If so, you can define some UCMDB user, which will be using the local authentication, instead of CAC. Or write R&D to code CAC support in the future version of LocalClient. Or if you are really adventurous, research how to hack CAC/PKI into the included LocalClient portable jre.

Cheers,

Petko Popadiyski

Freelance Microfocus CMS UCMDB Consulting

Likes are appreciated!

View solution in original post

0 Likes
7 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

Hi Mel,

 

port 8444? You have changed the 8443 port?

Your URL ucmdb-ui/applet/applet.jsp is after login. If you go to a new session and you want to login, the proper URL is ucmdb-ui/login_page.jsp. It hasn't changed even in version 2018.08. 

In the Local_Client folder you have UCMDB_Local_Client.log log file. Check inside. If I put a wrong port, I get also fail to connect. 

Cheers,

Petko Popadiyski

Freelance Microfocus CMS UCMDB Consulting

 

Likes are appreciated!
Highlighted
Respected Contributor.. Respected Contributor..
Respected Contributor..

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

I show how I configure mine, I hope this helps:

 

 

20180822local_client_ucmdb.PNG

 

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

Petko,

The configuration was set up by someone else, but when you configure client authentication things change.  There is no login page to enter credentials.  When you have a PKI certificate in the browser that matches a user defined in UCMDB, the user is given access to the admin GUI or the browser.  Our browser URL also uses 8444/ucmdb-browser. There is a sign in screen but you just click on it.  There is no place to enter credentials.

There is a section in the manual, which implies someone is aware of client authentication in terms of getting the certificate, but the URL is looking for login, but my link assumes validation outside of a login.

I tried 8443 and I got a certificate pop-up.  I continued, but still failed..

CUP6 may have also impacted.  When I log out, I get a login screen, which is not what happened before CUP6.

Whether there is an editable file or a jar needs to be redone, the URL needs to change or be modifyable by the user.

 

Mel

0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

Mel,

From your explanation it appears you have configured CAC/PKI authentication on port 8444, which is still not supported by the Local Client. You are using Internet Explorer SSL store to authenticate and that's why you don't see the login screen. But what if you connect to Chrome incognito mode or Firefox using port 8443? You should be then seeing the login screen?

If so, you can define some UCMDB user, which will be using the local authentication, instead of CAC. Or write R&D to code CAC support in the future version of LocalClient. Or if you are really adventurous, research how to hack CAC/PKI into the included LocalClient portable jre.

Cheers,

Petko Popadiyski

Freelance Microfocus CMS UCMDB Consulting

Likes are appreciated!

View solution in original post

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

Petko,

I am not that adventurous.

Since I am not using a browser, I didn't understand your reference to Chrome or Firefox.

I will try to see if I can get an enhancement request for PKI support in the future, but that won't help me now.

Thanks for the help.

Mel

0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

What I wanted to say is that the login URL is still there, just you are skipping it when using CAC/PKI. If you can login with a browser other than IE, such as Chrome incognito or Firefox, then you will manage using LocalClient with a separate special user, which is described in the UCMDB Administration section in Users/Groups.

Petko

Likes are appreciated!
0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Using UCMDB Local client to connect to UCMDB 10.22 with client authentication

Jump to solution

Petko,

I will wait for a version that has what I need.

 

Thanks,

Mel

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.