BSM 9.12 SSO question - Micro Focus Community

_m0riarty_ · ‎2012-03-14

Hello all!

I have question about SSO in BSM 9.12.

Can I configure the LW-SSO in BSM 9.12 to login BSM automatically with user MS Active Directory account which be entered to login Windows?

I want to do the following: when the user opens BSM console it is automatically login BSM using Windows session credentials. This feature is available in the HP Service Manager (without another product).

From the document "HP BSM - Platform Administration", I learned that exists IDM-SSO, whether it is necessary to solve the problem? Do I understand correctly that the IDM-SSO is not part of the HP BSM and is necessary to buy a separate product (Identity Manager)?

As an authenticator used MS Active Directory.

Dmitry Shevchenko · ‎2012-03-14

You cannot use Windows session credentials automatically to login to BSM. You need to type your AD credentials explicitly in the BSM login window (of course, LDAP authentication strategy in BSM must be configured prior to it). Don't confuse LW-SSO (used for SSO between HP Software products) and LDAP authentication strategy.

If LW-SSO is for HP Software products only, IDM-SSO is for any arbitraty products for which you want SSO solition. No, you don't need to buy Identity Manager. You can use any IDM-SSO product, e.g. SiteMinder, that allows you to provide SSO for different applications. And whether you will be able to login to BSM automatically based on your Windows session credentials depends on capabilities of specific IDM-SSO product you use.

_m0riarty_ · ‎2012-03-15

Thanks for quick reply!

billypostman · ‎2015-07-27

Hi Dmitry Shevchenko

Thank you for your answer.

Is that possible for now? With the BSM 9.25 version.

I opened a case for this, and they addressed to forums.

What you aim should be possible:

- If IIS is used, which is integrated with Domain Controller what you wish can be done by NTLM authentication header
- If Apache is used, the authentication could go through Kerberos

What do you think about these suggestions?

Thanks.

Best regards.

Dmitry Shevchenko · ‎2015-07-27

Nothing has changed in this regard in BSM 9.25, so my reply provided 3.5 years ago still holds true. You may be able to configure what you want if the IDM-SSO solution you use (IIS based, or Apache based or whatever) would allow this.

billypostman · ‎2015-07-28

@Dmitry Shevchenko wrote:
Nothing has changed in this regard in BSM 9.25, so my reply provided 3.5 years ago still holds true. You may be able to configure what you want if the IDM-SSO solution you use (IIS based, or Apache based or whatever) would allow this.

Could you explain this more deeply?

Or do you know any source (url) to discover what this mean.

Thanks.

Best regards.

Dmitry Shevchenko · ‎2015-07-28

I'm not sure how to describe it in a different way. This is not a BSM functionality. This is a functionality of various IDM-SSO solutions that exist in the market. You may find one that can provide what you want. But I'm not aware of any such solutions. So cannot comment further.