Absent Member.. Husnain Absent Member..
Absent Member..
4726 views

HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution

Dear All,

 

I have one issue regarding the ssl configuration of my webserver. It resides on a different machine then my application server and I have generated the client keystore and certificates for it included in the trusted keystore of my sm server.

 

The windows client on my web server is sucessfully connects with the trusted sign on the application server, but my webserver, although it shows the SM login page but once it logs in it gives me the error.

 

 

Error: com.hp.ov.sm.client.common.communications.CommunicationException: javax.xml.soap.SOAPException: Message send failed - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I am connecting my web server to httpPort and fully qualified domain name of the application server. As a reference I am attaching my web.xml. Kindly suggest if any one of you have encountered and fixed this issue in past.

 

Thanks and Best Regards,

Husnain Javaid.

0 Likes
1 Solution

Accepted Solutions
Absent Member.. Husnain Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
Hi All,

Thanks for your replies. The cause was actually the multiple NIC's which were enabled on the machine. The request wasnt reaching the application server, because of the anonymous IP.

Thanks for your replies.

0 Likes
13 Replies
Absent Member.. michael.gregory Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution

Hi there,

 

It sounds like you have only setup SSL for the server, not the web tier.

 

You need to follow the steps in the attached document page 5 "Task 3: Set up the Service Manager web tier"

 

Let me know if this helps or if you've already tried this.

 

Thanks,

Michael

0 Likes
Absent Member.. Husnain Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
I have already followed the steps but still it is giving me the same error.

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 64 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
... 70 more

Kindly suggest any further!
0 Likes
Absent Member.. michael.gregory Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
Hi,
This seems to be the main error:

"unable to find valid certification path to requested target"

Have you have added the two certificates in the WEB-INF directory?
Absent Member.. Sharash_k Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution

Did you check and correct the WEB.xml file?

 

Default setting for 'secureLogin' parameter in WEB.xml has changed from 'False' to 'True' for the new HPSM 9.21 patch. This maybe one of the reasons for your issue.

 

 

Absent Member.. Husnain Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
Hi All,

Thanks for your replies. The cause was actually the multiple NIC's which were enabled on the machine. The request wasnt reaching the application server, because of the anonymous IP.

Thanks for your replies.

0 Likes
JasperClarence Super Contributor.
Super Contributor.

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
Hi All, We are trying to integrate SSo integration using siteminder for HPSM.The architecture for our SM is application layer and web tier are both hosted on a single instance.we have followed the steps given by Mike_gregory documentation above. The error which we are getting while logging into Sm is com.hp.ov.sm.client.common.communications.CommunicationException: javax.xml.soap.SOAPException: The sm.log file shows the following: And also in sm.log file below error is finding. 7000( 6528) 10/11/2011 06:27:12 RTE I Thread termination cleanup complete 7000( 6560) 10/11/2011 06:27:13 RTE I Using "utalloc" memory manager 7000( 6560) 10/11/2011 06:27:13 RTE I Process sm 9.21.013 (013) System: 13090 (0x69C90B00) on PC (x64 64-bit) running Windows Server 2003 R2, Enterprise Edition SP2 (5.2 Build 3790) from alpcispapp443v (3.239.148.111) 7000( 6560) 10/11/2011 06:27:13 RTE I Connected to SOAP client at 3.239.148.111 7000( 6560) 10/11/2011 06:27:13 RTE I Thread attaching to resources with key 0x69C90B00 7000( 6560) 10/11/2011 06:27:13 RTE I Connection to dbtype 'oracle10' Oracle server 'smap1' as user 'HPSM920' successful 7000( 6560) 10/11/2011 06:27:13 RTE I Connected to Oracle Version 11.2.0.2.0 7000( 6560) 10/11/2011 06:27:13 RTE I Oracle Client version: 11.2.0.1.0 7000( 6560) 10/11/2011 06:27:13 RTE I Oracle server settings for language, territory and character set: AMERICAN_AMERICA.WE8ISO8859P1 (UTF8) 7000( 6560) 10/11/2011 06:27:13 RTE I OCI Client settings for language, territory and character set: AMERICAN_AMERICA.AL32UTF8 (UTF16) 7000( 6560) 10/11/2011 06:27:13 RTE I Oracle instance setting for NLS_SORT is set to binary 7000( 6560) 10/11/2011 06:27:13 RTE I Oracle instance setting for NLS_COMP is set to BINARY 7000( 6560) 10/11/2011 06:27:13 RTE I Oracle session is set up in BINARY mode 7000( 6560) 10/11/2011 06:27:13 RTE I Thread 79B6EF4CAEA86178115D39E06EE2F1E6 initialization done. 7000( 6560) 10/11/2011 06:27:13 RTE I -Memory : S(423688) O(204020) MAX(914428) - MALLOC's Total(3867) 7000( 6560) 10/11/2011 06:27:13 RTE I Thread termination in progress 7000( 6560) 10/11/2011 06:27:13 RTE I Thread termination cleanup complete Please help us. Regards, jasper
0 Likes
JasperClarence Super Contributor.
Super Contributor.

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
Hi Husnain,

How did you tackle the multiple NIC issue? Please let us know.

Regards,
Jasper
0 Likes
Absent Member.. Husnain Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
By disabling the local area network which were giving the wrong IP.

Can you please be more ellaborative of your error, means where are you with your integration, may be I can help?
0 Likes
JasperClarence Super Contributor.
Super Contributor.

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution
Hi Husnain,

We are using HPSM 9.21 whose web layer and application layer are installed on the same instance.We are trying to integrate HPSM9.21 with SSO using CA citeminder which uses LDAP.The idea is that when we give the credentials in the SSo page it should login to the HPSM application.We have followed the SM_9.20_LW_SSO_config_guide.We have genertaed the keystore using the openssl.When we give the ssl parameter as true in the web.xml file we are not able to login to the application.Please help us on this issue as we are struggling for a month now.

Regards,
Jasper
0 Likes
Absent Member.. Husnain Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution

Hi Chris,

 

Can you please confirm if you have been able to connect with the windows client?

 

Thanks and Best Regards.

0 Likes
Absent Member.. Ram_S Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution

Hi All,

 

I'm new to this configuration. My environment is SM 9.30.

I have set up the trusted sign on as per the attached guide.

I don't see any errors while logging in or while the Apache service start.

But after entering the URL - it takes me to login page instead of taking me to To do queue page directly.

i'm not sure whether i have missed some points which needs to be configured. Please suggest

 

Thanks,

 

Ram

0 Likes
Absent Member.. lisajo Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution

Hi Ram

If I am understanding correcty you all can log into the web client through SSO just are not givien the TODO queueue is that correct?

 

Can you do a screen shot of what they are seeing when logging in

 

Thank you

Lisa

"HP Support
If you find that this post or any post resolves your issue, please make sure to mark it as an accepted solution."
0 Likes
Absent Member.. Ram_S Absent Member..
Absent Member..

Re: HPSM 9.2 Trusted Sign on Issue on web server

Jump to solution

Hi Lisa,

 

i can able to see Todo queue.

 

My problem is when I'm giving the Web URL, it is taking me to Login page where we give the User Name and Password to login to SM.

It is not taking AD credentials to directly login to SM.

 

Thanks,

Ram

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.