Commodore

LDAP - Trusted Sign On in Windows Client - SM 9.30

1. Windows 2008 64-bit, HP SM 9.30

 

2. sm.ini has the following parameters (aside from the normal stuff that goes on it):

sslConnector:0
trustedsignon:1
#ldap settings
ldapauthenticateonly
ldapnostrictlogin:1
ldapbinddn:thisID@thisDomain
ldapbindpass:thispassword

3. I have added operator and contact records that match my Windows login ID.

 

4. I have set up the scldapconfig to have values in the following entries:

LDAP server: thisserver

LDAP port: 389

LDAP base directory: thisvalue

 

5. I have set up a file/field level mapping to file operator with values on the following:

contact.name - sAMAccountName

email - mail

full.name = displayName

name = sAMAccountName

 

When I log in to SM using my Windows client and manually type my ID and password, I can log on just fine, and I can see in the log file that it's querying the LDAP for entries where sAMAccountName is equal to my ID. Which is fine.

But when I tried to log in to the Windows client while the Trusted Sign-On button is clicked (which means I don't have to manually type my ID and password), I get the following error message in the log file:

 

 2988( 3596) 03/19/2012 12:12:05 RTE W Sending 401 Not Authorized challenge
 2988( 2724) 03/19/2012 12:12:05 JRTE W Send error response: A CXmlApiException was raised in native code : error 20 : scxmlapi(20) - Authentication failure
 2988( 3596) 03/19/2012 12:12:05 JRTE I Termination signal: 0

 

Any ideas would be greatly appreciated.

0 Likes
Micro Focus Contributor

Do you have SSL configured? Is SSL configured fine and working?

0 Likes
Commodore

No, I'm not planning to use SSL.  Is that a pre-req for trusted sign-on in Windows Client?

0 Likes
Fleet Admiral

Hi,

Please post the sm.cfg and sm.ini files from the SM environment.

Also, please tell us whether the following has been performed:

1. Whether the SM server keystore files have been generated, and whether the server keystore file has been placed in the SM server RUN folder?

2. Whether the SM client keystore file has been generated, and whether the client keystore file has been placed in the SM Windows client folder, e.g. under the \plugins folder?

3. Whether you have set the preferences in the SM Windows client for SM to look for certificates when an SM operator logs in?

0 Likes
Fleet Admiral

Yes, SSL is a prerequisite for the Trusted Sign-on feature.

Please follow the SM Quick and Dirty guide for Trusted Sign-on to implement the feature.

0 Likes
Micro Focus Contributor

Service Manager 9.30 only supports trusted sign-on with SSL enabled and the ssl_reqClientAuth parameter set to "2". To use trusted sign-on, you must first add your web tier and Windows clients to a domain.

 

Hope this helps.

0 Likes
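The requirement stated in the reply above, turned into a pre-flight check over sm.ini. This is an added example, not code from the thread or from HP/Micro Focus. It assumes `name:value` lines with `#` comments as in the original post, and that `sslConnector:1` is the setting that enables the SSL connector.

```python
"""Pre-flight check of sm.ini for trusted sign-on on SM 9.30 (added example)."""

# Constructed sample, modelled on the sm.ini lines in the original post.
SAMPLE_INI = """\
sslConnector:0
trustedsignon:1
#ldap settings
ldapauthenticateonly
ldapnostrictlogin:1
ldapbinddn:thisID@thisDomain
ldapbindpass:thispassword
"""


def parse_sm_ini(text):
    """Return {parameter: value}; bare flags without ':' map to None."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first ':' only, so values may contain colons.
        name, sep, value = line.partition(":")
        params[name.strip()] = value.strip() if sep else None
    return params


def check_trusted_signon(params):
    """List findings that would block or weaken trusted sign-on."""
    findings = []
    if params.get("trustedsignon") != "1":
        findings.append("trustedsignon is not 1")
    # Assumption: sslConnector:1 is what enables the SSL connector.
    if params.get("sslConnector") != "1":
        findings.append("sslConnector is not 1 (SSL is required on 9.30)")
    if params.get("ssl_reqClientAuth") != "2":
        findings.append("ssl_reqClientAuth is not 2")
    if params.get("ldapbindpass"):
        findings.append("ldapbindpass is in clear text; restrict read access to sm.ini")
    return findings


if __name__ == "__main__":
    for finding in check_trusted_signon(parse_sm_ini(SAMPLE_INI)):
        print("FINDING:", finding)
```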
Commodore

Thanks Divya. I was able to implement SSO and Trusted Sign-on on windows client using SM 9.21 on one of our clients without using any SSL.

 

I used the same steps that I used before and it's not working with SM 9.30.

0 Likes
Cadet 1st Class

SSO for SM 9.3 has been totally hosed by Mordac, The Preventer of IT Services. And I thought he was just a comic strip character in Dilbert! This means you have to put certificates on everything to do SSO, because if you don't, something bad might happen, even on a closed network with no internet access.

@Peeves02 wrote:

Thanks Divya. I was able to implement SSO and Trusted Sign-on on windows client using SM 9.21 on one of our clients without using any SSL.

I used the same steps that I used before and it's not working with SM 9.30.

Of course, HP didn't think about the bad things that would happen by requiring SSL, like losing customers, and of lesser importance, consultants that would otherwise want to work on this stuff.

Absent Member

SSO for SM is easy if you've got the right product. At this point in time, SM does not ship with an SSO solution hence why we've produced SSO Plugin for SM.

 


John

0 Likes
Absent Member

Hi,

We have successfully implemented SSO in SM 9.30. And in SM 9.30, SSL is a must to implement SSO.

 

Rahul

Rahul Jain
0 Likes
Absent Member

Just confirming what the person above me said.  SSO with SM 9.30 is possible, and it does require SSL.  I've set it up many times.  For those new to implementing it, get SSL working first, then do SSO - do one at a time.  If you're new to do both and you make a mistake, it's hard to tell if it's SSO-related or SSL-related.

0 Likes
Absent Member

I have the same problem as the original poster: I get an Authentication Error when using the trusted sign-on radio button.
I have SSL configured and working, and the "trustedsignon:1" parameter in my sm.cfg file. Is there something else required for the TSO to work? Currently I am only trying to enable this on the full Windows client.

0 Likes