- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: Single Sign On between SMH and HPSIM using sel...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-19-2014 05:39 AM
тАО02-19-2014 05:39 AM
Single Sign On between SMH and HPSIM using self-signed certificates
Hi all,
the SSO feature seems to be broken after upgrading the environment to HPSIM 7.3 and SMH 7.3.1.4. If I click on the 'System Management Homepage' link within HPSIM, I've got the logon page from the SMH of the target system.
I use self-signed certificates of HPSIM and the certificate is successfully imported into SMH's certificate store.
Are there any hints to solve this problem?
Thanks in advance
Andreas
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-19-2014 08:04 AM
тАО02-19-2014 08:04 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Hello there,
could it be that it was already broken with 7.2?
There was a switch from 1024 bits cetrificates to 2048 bits. You should run a repair under configure, only set the set trust option. If you have sign-in credentials you should be able to set the new certificate. If that does not work fix one server by hand and delete thd old certificate and leave the new one in tacked. The replicate the certificate to the other servers.
Kind regards,
Andrew
Andrew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-25-2014 01:47 AM - edited тАО02-25-2014 02:37 AM
тАО02-25-2014 01:47 AM - edited тАО02-25-2014 02:37 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Hi Andrew,
thanks for your response. As I remember correctly, the SSO with HSIM 7.2/SMH 7.2 runs without problems.
I ran the 'Configure and Repair Agents' option with the suggested options and got the following result:
Set Trust relationship to "Trust by Certificate"
Set Trust relationship to "Trust by Certificate" ................... [SUCCESS]
Added this instance of HP SIM to the trusted certificate list for System Management Homepage 2.0 or later.
Successfully restarted necessary management applications to ensure that all successful changes will be effective.
Re-identifying system to get updated information ...
Re-identification of system .................................... [SUCCESS]
Checking whether the HP SIM CMS can login to the SMH URL " https://<FQDN>:2381/ "
Unable to login to the SMH using certificate.................... [WARNING]
Check the system link configuration by going to "Options->Security->System Link Configuration".
The System Link Configuration ist set to 'Use the system's full DNS name.'. On the target system is SMH 7.3.1.4 installed.
Furthermore I removed the CMS certificate on the target client and startet the repair process again - the result was the same... Are there any logs with detailed information regarding the repair process?
Best regards
Andreas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-25-2014 05:51 AM
тАО02-25-2014 05:51 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Hello again,
No not that i know of, If you look at the installed certificates, is there only one ?
Kind regards,
Andrew
Andrew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-26-2014 12:21 AM
тАО02-26-2014 12:21 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Hi Andrew,
yes it is only one certificate listed (which was imported from the CMS). As I noticed this certificate uses a 1024 bit key.
Which certificate uses HPSIM for SSO? I thought the one under Options --> Security --> HP Systems Insight Manager Server Certificate, but this one is uses a 2024 bit key and all other data (like fingerprint, expiration date and so on) differs from the data of the imported key within the SMH...
Kind regards
Andreas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-26-2014 12:57 AM
тАО02-26-2014 12:57 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Same here. No SSO to SMH from Insight possible since 7.3. SSO to iLo is functional. I tried everythin possible to solve that problem. Last versions of all installed... Hope you can find the solution... This is also relevant for the VCRM which is in our system also on the Insight Server.
...Hagen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-26-2014 02:10 AM
тАО02-26-2014 02:10 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Hello,
Did you try to export the 2048 certificate and try to import the text with paste in the HP System Management Homepage under Settings > Security > Trusted Management Servers, click on details of the current installed certificate and look for "
Public-Key: (1024 bit)" or 2048 bit. Is the certificate 1024 or 2048 bits ? Now first delete any existing Certificates. Now paste the 2048 certificate in the Add Certificate Data and click on the import button. Does the trust work from SIM ?
When you signed in with Windows credentials wait for some time for the sign-in to expire until you click on the System Management Homepage link in SIM. If this work and your original certificate was 1024 the problem is that when the System Management Homepage collects it's certificate from the SIm server it collects a 1024 bits certificate.
If this works you can do a replicate of the certificate to your other servers.
Kind regards,
Andrew
Andrew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-26-2014 06:29 AM
тАО02-26-2014 06:29 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Hi,
yes I tried to import and use the 2048bit certificate - but without success. The result is the same: I've got the SMH logon screen if I click on HP System Management Homepage link. I am not sure which certificate HPSIM for authentication use.
Regards
Andreas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2014 05:20 AM
тАО03-04-2014 05:20 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Try to change the System Link Configuration to "use the system IP address", this seems to work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2014 07:30 AM - edited тАО03-12-2014 07:32 AM
тАО03-12-2014 07:30 AM - edited тАО03-12-2014 07:32 AM
Re: Single Sign On between SMH and HPSIM using self-signed certificates
Hi all,
I replaced my HPSIM 7.3 installation with an new one of 7.2. From my point of view there are too many problems with the new version. As a good side effect, I've got all warranty information with remote support advanced too.
Best regards
Andreas