Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
1771 views

BSM 9.12 SSO question

Hello all!

I have question about SSO in BSM 9.12.

Can I configure the LW-SSO in BSM 9.12 to login BSM automatically  with user MS Active Directory account  which be entered to login Windows?

I want to do the followingwhen the user opens BSM console it is automatically login BSM using Windows session credentials. This feature is available in the HP Service Manager (without another product).

From the document "HP BSM - Platform Administration", I learned that exists IDM-SSO, whether it is necessary to solve the problem? Do I understand correctly that the IDM-SSO is not part of the HP BSM and is necessary to buy a separate product (Identity Manager)?

As an authenticator used MS Active Directory.


Tags (2)
0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

You cannot use Windows session credentials automatically to login to BSM. You need to type your AD credentials explicitly in the BSM login window (of course, LDAP authentication strategy in BSM must be configured prior to it). Don't confuse LW-SSO (used for SSO between HP Software products) and LDAP authentication strategy.

 

If LW-SSO is for HP Software products only, IDM-SSO is for any arbitraty products for which you want SSO solition. No, you don't need to buy Identity Manager. You can use any IDM-SSO product, e.g. SiteMinder, that allows you to provide SSO for different applications. And whether you will be able to login to BSM automatically based on your Windows session credentials depends on capabilities of specific IDM-SSO product you use.

Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Thanks for quick reply!

0 Likes
Absent Member.. Absent Member..
Absent Member..

Hi 

 

Thank you for your answer.

 

Is that possible for now? With the BSM 9.25 version.

 

I opened a case for this, and they addressed to forums.

 

What you aim should be possible:

- If IIS is used, which is integrated with Domain Controller what you wish can be done by NTLM authentication header
- If Apache is used, the authentication could go through Kerberos

 

What do you think about these suggestions?

 

Thanks.

Best regards.
0 Likes
Micro Focus Expert
Micro Focus Expert

Nothing has changed in this regard in BSM 9.25, so my reply provided 3.5 years ago still holds true. You may be able to configure what you want if the IDM-SSO solution you use (IIS based, or Apache based or whatever) would allow this.

Absent Member.. Absent Member..
Absent Member..


@Dmitry Shevchenko wrote:

Nothing has changed in this regard in BSM 9.25, so my reply provided 3.5 years ago still holds true. You may be able to configure what you want if the IDM-SSO solution you use (IIS based, or Apache based or whatever) would allow this.



Could you explain this more deeply?

 

Or do you know any source (url) to discover what this mean.

 

Thanks.

 

Best regards.
0 Likes
Micro Focus Expert
Micro Focus Expert

I'm not sure how to describe it in a different way. This is not a BSM functionality. This is a functionality of various IDM-SSO solutions that exist in the market. You may find one that can provide what you want. But I'm not aware of any such solutions. So cannot comment further.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.