Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..
654 views

Setting up windows client on SSL is similar to SSO ?

Experts,

I am having a confusion in the setup of SSL and TSO in HP Service Manager. 

I have a requirement to setup HP SM to accept both SSL and Non SSL connections .  

I have enabled HP SM windows clients to work with the certificates and below are the set of parameters included in the sm.ini

keystoreFile:smserver.keystore
keystorePass:<Service Manager server keystore password>
ssl:0
ssl_reqClientAuth:2
ssl_trustedClientsJKS:trusted.keystore
ssl_trustedClientsPwd:<trusted client keystore password>
trustedsignon:1
truststoreFile:ca.keystore
truststorePass: <root CA keystore pass phrase>

I have setup the ssl parameter to be 0 , so as to accept both SSL and NOn SSL connections. 

trustedsignon parameter is turned on.

After completing this setup and making it work, I have a question whether is it really required to enabled TSO to actually have HP SM windows clients to communicate in TLS / SSL proptocols. 

Raised an HP Case and I was told to  configure LW SSO ( ?? am confused again ) . Told HP support that, I am trying to setup HP SM windows client on SSL not trying to authenticate while browsing from one application to another. But HP is sure to configure it in this way to achieve SSL setup ..

Confused and baffled.

Need guidance.

thx

dev

I am Listening..
0 Likes
9 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Setting up windows client on SSL is similar to SSO ?

We have SSL for the web clients and non-SSL for the Desktop clients and these are the parameters we have in the sm.ini:

ssl_reqClientAuth:2

ssl:0

sslConnector:1

trustedsignon:1

 

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Setting up windows client on SSL is similar to SSO ?

thank you TomPow for the reply. These are the parameters which even I had set it in the ini. HP support is saying it needs to be SSL:1 if you are enabling SSL on HP SM and needs to have specific listeners configured for non ssl connections. KM1171404 , this KB article clearly explains how to setup ssl and non ssl connections. One question TomPow, Can the user still use, username and password even after mapping the certificates to the client ( just setting up connection on SSL not trusted sign on ) ?
I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Setting up windows client on SSL is similar to SSO ?

Yes, the user still has to authenticate with his username and password. 

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Setting up windows client on SSL is similar to SSO ?

If I check the trusted sign radio button on the client, the password field is going read only.

Should I keep it unchecked ?

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Setting up windows client on SSL is similar to SSO ?

Should I check the 'Use SSL Encryption' under the advanced tab ?

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Setting up windows client on SSL is similar to SSO ?

You don't need to check the trusted signon in the client.  If you are using client certificates for the desktop client, then you probably need to use SSL encryption.

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Setting up windows client on SSL is similar to SSO ?

Thank you TomPow,

So In that case for me, I could turn off the trustedsignon parameter from the sm.ini file and default all the client configurations to use SSL encryption ( check under the advanced tab ) and generate certificates for each of the client machines ( I have citrix servers here ).

I am Listening..
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Setting up windows client on SSL is similar to SSO ?

So actually there isn't a big difference in setting up Trusted sign on  and SSL for HP Service Manager ?. 

If I turn on the system parameter and check these boxes on the client it works for windows clients. 

I am Listening..
0 Likes
Highlighted
Established Member..
Established Member..

Re: Setting up windows client on SSL is similar to SSO ?

Good morning

The direction between SSO and SSL is:
1 SSO requires ssl to perform trusted authentication (logon)
2. SSL encrypts the communication so that the data does not travel in plain text (passwords, etc.).
* I have configured SSO, checking the trusted login option (certificates needed, ssl button active on the client)
Also when authenticating for example with the falcon user, the "trusted login" option is unchecked, however, the client is the client.
* The third option without ssl, a port (with the debug) in the sm.cfg file, no certificates are required on the client (the trusted login and ssl option is unchecked).
* For example I connect the mobile client to the port without ssl, and in this way the login with username and password is required.

 

/hpeb/attachments/hpeb/itrc-695/107496/1/Single%20Sign-On%20Authentication.pdf

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.