Highlighted
Micro Focus Expert
Micro Focus Expert
1003 views

Updated SSO / TSO Batch

Jump to solution

Hello,

Few weeks ago I had to implement SSO for a 9.52 customer and I faced with a warning message as below.

Warning: the jks keystore uses a proprietary format. it is recommended to migrate to pkcs12

Also I wasn't able to establish SSO, so I've started to search and I found that with JRE Update 1.8.161 (8u161) certificate procedure has changed. After some reseacrch and trial and error attemps I've updated  "KM773556 Trusted and Single SignOn using Service Manager" batches.

Customer environment has only one instance so I haven't used tso_2nd_srvs_svlt.bat therefore I cannot identify changes on that batch. 

tso_srv_svlt.bat

line: 

%OPENSSL% req -new -key key/cakey.pem -x509 -days 1095 -out certs\mycacert.pem -config ./openssl.conf -passin pass:%CAROOT_PASSWD%

to be:

%OPENSSL% req -new -key key/cakey.pem -sha256 -x509 -days 1095 -out certs\mycacert.pem -config ./openssl.conf -passin pass:%CAROOT_PASSWD%

and line:

%KEYTOOL% -genkey -alias smserver -keystore key/server.keystore -storepass %SERVER_KEYSTORE_PASSWD%

to be:

%KEYTOOL% -genkey -keyalg RSA -keysize 2048 -storetype pkcs12 -alias smserver -keystore key/server.keystore -storepass %SERVER_KEYSTORE_PASSWD%

tso_cln_svlt.bat

line:

%KEYTOOL% -genkey -alias %1 -keystore key/%1.keystore -storepass %CLIENT_KEYSTORE_PASSWD%

to be:

%KEYTOOL% -genkey -keyalg RSA -keysize 2048 -storetype pkcs12 -alias %1 -keystore key/%1.keystore -storepass %CLIENT_KEYSTORE_PASSWD%

You can validate your produced "crs\servercert_request.crs" or "crs\clientcert_request.crs" from below URL:

https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp

Regards,
Sadun

Tags (1)
1 Solution

Accepted Solutions
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi Sergey,

It was java 1.80_191 that caused this new issue.  You need to downgrade your java version. See https://softwaresupport.softwaregrp.com/doc/KM03301381

View solution in original post

3 Replies
Highlighted
Cadet 3rd Class
Cadet 3rd Class

Hello,

After update Java from 1.8.0_101 to 1.8.0_191  SSO stopped working with error  “Fault string, and possibly fault code, not set”.

If you connect directly to Tomcat through port 8080 login form appears and after entering credentials you successfully enter to SM.

I decided to reissue certificates (taking into account the recommendations of Sadun).

But it was same error “Fault string, and possibly fault code, not set” after reissue of certificates.

tomcat log:

2018-11-28 11:38:58,169 ERROR [ajp-nio-8009-exec-6] [User-44d3013e8e] [com.hp.ov.sm.client.webtier.SCLogging] response:

<Fault>

<faultcode>SOAP-ENV:Server</faultcode>

<faultstring>Fault string, and possibly fault code, not set</faultstring>

<faultactor>Server</faultactor>

</Fault>

2018-11-28 11:38:58,169 ERROR [ajp-nio-8009-exec-6] [User-44d3013e8e] [com.hp.ov.sm.client.webtier.SCLogging] The soap fault is : SOAP-ENV:Server

http.log:

6248(  4012)  11/28/2018 11:38:58.101

HttpLog: session ID has not been set yet.

  6248(  4012)  11/28/2018 11:38:58.101

POST /SM/ui HTTP/1.1

accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

authorization: User: User Password:******

pragma: TrustedSignOn, requestnum="52", D62654A58998DCD546B4E6A0045EC15D

soapaction: "getPreferences"

connection: close

content-type: text/xml; charset=utf-8

cache-control: no-cache

user-agent: Java/1.8.0_191

host: SERVER.domain.com:13080

content-length: 835

  6248(  4012)  11/28/2018 11:38:58.103

HttpLog: session ID has not been set yet.

  6248(  4012)  11/28/2018 11:38:58.103

HTTP/1.1 307

 

Help me somebody please.

Tags (2)
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi Sergey,

It was java 1.80_191 that caused this new issue.  You need to downgrade your java version. See https://softwaresupport.softwaregrp.com/doc/KM03301381

View solution in original post

Highlighted
Cadet 3rd Class
Cadet 3rd Class

Thank you very much Jas1!

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.