Does anyone have a running idmService (SAML - standalone) installation?

Idea ID 2751934

My following configuration:

Last version Tomcat 9.0.20
idmService version shipped with SM 9.61
Service Manager 9.60
All 19 tasks of the MF Guide are done. idmService also boots cleanly (https://docs.microfocus.com/SM/9.60/Codeless/Content/security/tasks/idm_install_idm_service.htm).

But when I call the SM Webtier I get the following entry in the idmService Log:

2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] WARN com.hp.ccue.identity.hpsso.HpSsoValidator - HP SSO authentication failed: [VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login]: initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] WARN com.hp.ccue.identity.hpssoImpl.validators.ValidatorsInvoker - VALIDATION: ValidatorsInvoker:runValidators - Validator HP SSO 2.0 Validator finished running with status Status: ID=4dgPBlYE VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] INFO com.hp.ccue.identity.hpssoImpl.api.HpSsoFilter - VALIDATION: Finished HpSsoFilter validations. result: Status: ID=4dgPBlYE VALIDATION_USER_NOT_AUTHENTICATED: Validation: no SSO cookie on request (not authenticated) - more info: User must login initContextFromRequest - no SSO cookie on request (not authenticated).RequestURL is [https://atsw-smwtt01.spar.local.at:9443/idmService/idm/v0/login]; method [GET]; sessionId [3EE29267EC61F343322D491EC6D320FE.idmServiceW1]; RequestQuery is [NOT EMPTY];
2019-12-12 07:21:29,740 [https-jsse-nio-9443-exec-10] INFO com.hp.ccue.identity.hpssoImpl.api.HpSsoFilter - VALIDATION: Finished HpSsoFilter validations (SSO not passed).

 

I'm happy to hear from you. So far MF Support has not been able to help me in this matter.
Again, it is NO SMAX Portal installation. It is a standalone installation, the idmService should activate SAML. And YES...I have already searched the internet a hundred times for the displayed error messages. Unfortunately without success.

6 Comments
Micro Focus Frequent Contributor
Status changed to: New Idea

@Baby Lon could you please ask support to elevate the support case to CORE CPE for further investigation?

Micro Focus Frequent Contributor
Status changed to: Declined
 
Commodore

@Ming-Feng we've been opening a support case for weeks. And nobody from MF is able to solve our problem. Although the customer pays a so-called premium support. This is definitely not a premium support that is provided.
So now I want to know if there is anyone who successfully runs the idMService STANDALONE version. Someone outside of MF. With us the patience is at the end.

Micro Focus Contributor

@Baby Lon It seems the customer is using SM9.60 to connect with IDM Service released with 9.61. Can you please confirm the version info? If this is true, this combination is not supported.

Please upgrade SM (at least both Server and Client) to SM9.61 and then connect with iDM Service 9.61.

Also, can you please provide the support case you opened? We will see how to proceed next.

Commodore

@Yolanda Zhang 

Thank you for the hint. Meanwhile it is upgraded to 9.61 incl. RAD Application. But unfortunately the same issue. I get no HP SSO cookie. I have no clue anymore.

Maybe, the ADFS service is in a cloud with a different domain than other installations (idMService, SM webtier etc.).  I have already told or pointed this out to the support several times. But so far nothing useful came. 
Unfortunately I can only specify one domain in the "hpssoConfig.xml" under 

	<creation tokenGlobalTimeout="480" tokenIdleTimeout="30" secureHTTPCookie="false">
		<!-- lwsso is required -->
		<lwsso>
		<!-- domain is required
		HPSSO 1.0 version supports a single domain only.
		All servers using HPSSO should have the same domain and it should be denoted in this tag
		-->
		<creationDomains>
		<!-- for development environments only! -->
		<domain>mydomain.com</domain>		
		</creationDomains>
		</lwsso>
	</creation>

 

It is really very confusing because in "Task 4 - Configure SAML SSO" the following is said:

"Note All components that participate in SAML except the SM Server (the IdM service, SM web tier, SRC, and Mobility Client) must be in the same domain, because HP SSO cookies are domain-specific."

 Thank you
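
The same-domain requirement quoted above can be checked mechanically. The following is an added example, not part of the original posts and not Micro Focus code: it reads the `creationDomains` entry from the posted fragment and applies the cookie domain-matching rule browsers use (RFC 6265) to a list of component hostnames, assuming the SSO cookie is scoped to that configured domain. The `<hpsso>` wrapper element and all hostnames are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Fragment from the post, wrapped in a hypothetical <hpsso> root so that it
# parses stand-alone.
SAMPLE_CONFIG = """<hpsso>
<creation tokenGlobalTimeout="480" tokenIdleTimeout="30" secureHTTPCookie="false">
  <lwsso><creationDomains><domain>mydomain.com</domain></creationDomains></lwsso>
</creation>
</hpsso>"""

# Constructed hostnames for illustration; none come from the thread.
SAMPLE_HOSTS = ["idm.mydomain.com", "smweb.mydomain.com",
                "src.notmydomain.com", "mobility.other.example", "10.0.0.5"]


def creation_domains(xml_text):
    """Return the configured creation domains, lower-cased, without edge dots."""
    root = ET.fromstring(xml_text)
    found = root.findall(".//creation/lwsso/creationDomains/domain")
    return [d.text.strip().strip(".").lower() for d in found if d.text and d.text.strip()]


def is_ip(host):
    """True when host is an IP literal, which never suffix-matches a domain."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_matches(host, cookie_domain):
    """RFC 6265 section 5.1.3: equal, or a dot-bounded suffix of a host name."""
    host = host.rstrip(".").lower()
    cookie_domain = cookie_domain.strip(".").lower()
    if host == cookie_domain:
        return True
    return not is_ip(host) and host.endswith("." + cookie_domain)


def hosts_outside_cookie_domain(xml_text, hosts):
    """Hosts that would never receive a cookie scoped to a creation domain."""
    domains = creation_domains(xml_text)
    return [h for h in hosts if not any(domain_matches(h, d) for d in domains)]


if __name__ == "__main__":
    for host in hosts_outside_cookie_domain(SAMPLE_CONFIG, SAMPLE_HOSTS):
        print("outside the SSO cookie domain:", host)
```

Run against the real hostnames of the IdM service, SM web tier, SRC and Mobility Client, any host it reports is one a browser will not send that cookie to.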

Micro Focus Contributor

@Baby Lon   

IDEA EXCHANGE is not a good place to discuss and solve configuration problems like this one. You said you have a support case open before. Can you please provide the support case ID and we will follow from there. 

Thank you.

Yolanda
