Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Absent Member.. Lev_Shamay Absent Member..
Absent Member..
2394 views

Error opening Link from email notification

Jump to solution

Hi

 

System works fine

but when trying to open the link attached to email notification raises an error:

 

An error has occurred while processing a request for:

/webtier-9.30/detail.do Please contact your Administrator or see server logs for more details

Error: invalid query hash in URL - may be a cracking attempt

 

after clicking the link, and connecting via password this occurs, but system works fine except that, meaning I can navigate from the same page to the incident with a new tab

 

attached screen-shot

 

Thanks for the helpers

0 Likes
1 Solution

Accepted Solutions
Highlighted
Absent Member.. John Stagaman Absent Member..
Absent Member..

Re: Error opening Link from email notification

Jump to solution

Service Manager URLS include a system generated hash code to prevent spoofing of the URL by someone trying to gain access to the system. 

The simple solution is to disable this function: 

In the sm.ini add the parameter:

#----Disable Query Hash-----
querysecurity:0

AND set the querySecurity parameter in the web.xml to false as Jacob mentioned.

 

From the online help:

Parameter: querysecurity

Determines whether the HP Service Manager server requires a security hash with Web tier URL queries.

Parameter

querysecurity

Description

This parameter determines whether the Service Manager server requires a security hash with Web tier URL queries. By default, the Service Manager server requires all Web tier URL queries to include a security hash. The Service Manager server will reject any Web tier URL queries without the security hash.

If you are generating Web tier URL queries using an external application, then you will want to disable the security hash so the server will accept the queries. If you disable the security hash, access to Service Manager tables is controlled by the Document Engine. To restrict access to tables through the Document Engine, you must enable security features such as format control or application profiles that restrict access at the operator level.

Note: This parameter is tied to the Web parameter "querySecurity" (spelled with an uppercase "S"). To disable the security hash feature, you must disable both the web.xml and sm.ini versions of this parameter.

 

Valid if set from

server's OS command prompt Initialization file (sm.ini)

Requires restart of Service Manager server?

Yes

Default value

1

Possible values

0 (Disable) 1 (Enable)

Example usage

Command line: sm -httpPort:13080 -querysecurity:0

Initialization file: querysecurity:0

 

Web parameter: querySecurity

Web parameters change the behavior of Web clients connecting to the Web tier. You can always set Web parameters from the Web tier configuration file (web.xml).

Parameter

querySecurity

Description

This parameter is not listed by default in the Web configuration file. You must manually add this parameter to the file if you need to change the default value.

Enabling this parameter causes the HP Service Manager Web tier to embed a security key in all queries generated by the Web client. The HP Service Manager server verifies the security key and, if valid, authorizes the query. Disabling this parameter allows any user with log on permissions, the skills to create a query, and access to the HP Service Manager URL to extract data from any HP Service Manager table.

Note: This parameter is tied to the security parameter "querysecurity" (spelled with all lowercase letters). To disable the security hash feature, you must disable both the web.xml and sm.ini versions of this parameter.

 

Valid if set from

Web tier configuration file (web.xml)

Requires restart of Web application server?

Yes

Default value

true

Possible values

true (Enabled) false (Disabled)

Example usage

<init-param>
  <param-name>querySecurity</param-name>
  <param-value>false</param-value>
</init-param>

----------------------------------------------------
Kudos - what, where, how, and why
Want Good Answers? Ask Good Questions...
2 Replies
Acclaimed Contributor.. Jacob Heubner Acclaimed Contributor..
Acclaimed Contributor..

Re: Error opening Link from email notification

Jump to solution

What are you using to generate the url in the email?

 

Alternatively, you can set the querySecurity parameter to 'false' in your web.xml

Highlighted
Absent Member.. John Stagaman Absent Member..
Absent Member..

Re: Error opening Link from email notification

Jump to solution

Service Manager URLS include a system generated hash code to prevent spoofing of the URL by someone trying to gain access to the system. 

The simple solution is to disable this function: 

In the sm.ini add the parameter:

#----Disable Query Hash-----
querysecurity:0

AND set the querySecurity parameter in the web.xml to false as Jacob mentioned.

 

From the online help:

Parameter: querysecurity

Determines whether the HP Service Manager server requires a security hash with Web tier URL queries.

Parameter

querysecurity

Description

This parameter determines whether the Service Manager server requires a security hash with Web tier URL queries. By default, the Service Manager server requires all Web tier URL queries to include a security hash. The Service Manager server will reject any Web tier URL queries without the security hash.

If you are generating Web tier URL queries using an external application, then you will want to disable the security hash so the server will accept the queries. If you disable the security hash, access to Service Manager tables is controlled by the Document Engine. To restrict access to tables through the Document Engine, you must enable security features such as format control or application profiles that restrict access at the operator level.

Note: This parameter is tied to the Web parameter "querySecurity" (spelled with an uppercase "S"). To disable the security hash feature, you must disable both the web.xml and sm.ini versions of this parameter.

 

Valid if set from

server's OS command prompt Initialization file (sm.ini)

Requires restart of Service Manager server?

Yes

Default value

1

Possible values

0 (Disable) 1 (Enable)

Example usage

Command line: sm -httpPort:13080 -querysecurity:0

Initialization file: querysecurity:0

 

Web parameter: querySecurity

Web parameters change the behavior of Web clients connecting to the Web tier. You can always set Web parameters from the Web tier configuration file (web.xml).

Parameter

querySecurity

Description

This parameter is not listed by default in the Web configuration file. You must manually add this parameter to the file if you need to change the default value.

Enabling this parameter causes the HP Service Manager Web tier to embed a security key in all queries generated by the Web client. The HP Service Manager server verifies the security key and, if valid, authorizes the query. Disabling this parameter allows any user with log on permissions, the skills to create a query, and access to the HP Service Manager URL to extract data from any HP Service Manager table.

Note: This parameter is tied to the security parameter "querysecurity" (spelled with all lowercase letters). To disable the security hash feature, you must disable both the web.xml and sm.ini versions of this parameter.

 

Valid if set from

Web tier configuration file (web.xml)

Requires restart of Web application server?

Yes

Default value

true

Possible values

true (Enabled) false (Disabled)

Example usage

<init-param>
  <param-name>querySecurity</param-name>
  <param-value>false</param-value>
</init-param>

----------------------------------------------------
Kudos - what, where, how, and why
Want Good Answers? Ask Good Questions...
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.