Server Management - Systems Insight Manager

Re: Single Sign on doesn't work after System Management Homepage update

 
consolero
Advisor

Single Sign on doesn't work after System Management Homepage update

Hi all

 

We use our HP SIM with a certificate from our CA and distribute this certificate to all of our servers, which are running a SMH.

The SMH trusts by certificate and the SIM server is known as the trusted management server with this certificate. With the SMH versions 6.3.1.24 and 7.0.0.24 it was possible to use the SSO from SIM to access the SMH. After updating to the newest version 7.1.1.1 it is no longer possible to use the SSO and I found these errors in the SMH log:

 

CRITICAL

Trusted certificate used for SSO is either revoked or SMH failed to verifiy it against CRL

 

MAJOR

 Certificate verification message: uanble_to_get_local_issuer_certificate

 

WARNING

Secure Task Execution User:auto_generated was DENIED acces to System Management Homepage to invoke target URL=/Proxy/STE

 

Does anyone know this problem?

 

Thanks a lot

nik
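
The MAJOR entry above corresponds to OpenSSL's verification error "unable to get local issuer certificate", which is reported when the issuer of the presented certificate is not in the verifier's trust store. As an added example (not part of the original post, and not SMH or SIM code), the script below builds a throwaway CA and a certificate signed by it, then runs `openssl verify` three ways to show that error and the separate failure when CRL checking is requested but no CRL is supplied. All file and subject names are made up, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: constructed lab, not SMH/SIM code. All names and files are made up.
set -eu

# Build a throwaway CA and a CA-signed "management server" certificate in directory $1.
make_lab() {
    d=$1
    cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/lab.cnf" \
        -extensions v3_ca -subj "/CN=Example Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/lab.cnf" \
        -subj "/CN=sim.example.test" \
        -keyout "$d/sim.key" -out "$d/sim.csr" 2>/dev/null
    openssl x509 -req -in "$d/sim.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/sim.pem" 2>/dev/null
}

# Run "openssl verify" with the given options and reduce its output to one word.
classify() {
    out=$(openssl verify "$@" 2>&1) || true
    case $out in
        *"unable to get local issuer certificate"*) echo no_issuer ;;
        *"unable to get certificate CRL"*)          echo no_crl ;;
        *": OK"*)                                   echo ok ;;
        *)                                          echo other ;;
    esac
}

lab=$(mktemp -d)
trap 'rm -rf "$lab"' EXIT
make_lab "$lab"
# 1. The verifier does not have the issuing CA: chain building fails.
echo "CA not trusted:            $(classify "$lab/sim.pem")"
# 2. The verifier trusts the issuing CA and does no revocation check.
echo "CA trusted, no CRL check:  $(classify -CAfile "$lab/ca.pem" "$lab/sim.pem")"
# 3. Same trust, but a CRL check is required and no CRL is available.
echo "CA trusted, CRL required:  $(classify -CAfile "$lab/ca.pem" -crl_check "$lab/sim.pem")"
```

Running the same three `openssl verify` invocations against the real SIM certificate and CA file separates a trust-store problem from a CRL availability problem.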

 

Jens Ey
Frequent Advisor

Re: Single Sign on doesn't work after System Management Homepage update

Hi nik,

 

I know this problem - but not the solution, sorry.

 

I tried so far to create a new certificate for SIM and even renewed the CA certificate to get rid of a URL with file://... for the CRL.

As far as I can remember HP changed OpenSSL to a newer version with this release of SMH.

 

jens

Jens Ey
Frequent Advisor

Re: Single Sign on doesn't work after System Management Homepage update

hello nik.

 

the next thing I tried was to look closer at the new SIM 7.1. There is an option how the agents should check for revoked certificates (e.g. is the CA available for the agents or has the SIM a copy of the CRL).

I installed a complete new SIM 7.1 and a new server with the current agents but had no luck at all to get this working.

 

So my conclusion for the moment is once more: HP broke it, HP should fix it.

 

Jens

consolero
Advisor

Re: Single Sign on doesn't work after System Management Homepage update

hello jens

 

Thanks for your information.

I also upgraded to SIM 7.1 and tried to configure the Certificate Revocation Check but the problem is still the same.

 

I agree with you about HP....

 

nik

referencepoint
Advisor

Re: Single Sign on doesn't work after System Management Homepage update

I've just come across this issue too, after upgrading to SIM 7.1 and updating my servers with SMH 7.1.1.1.

 

Hugely annoying to not have SSO working for any system now - this needs fixing ASAP HP!

Bart_Heungens
Honored Contributor

Re: Single Sign on doesn't work after System Management Homepage update

Hi,

 

Just to inform you all that I have no such problems... Have 2 independent SIM environments running with the latest SMH and SIM 7.1 and do not have the SSO problem...

 

 

Kr,

Bart

--------------------------------------------------------------------------------
If my post was useful, click on my KUDOS! "White Star" !
Jens Ey
Frequent Advisor

Re: Single Sign on doesn't work after System Management Homepage update

Hi Bart,

 

are you using a CA in these environments and what kind of CA? Are you copying the CRLs to the SIM servers?

 

Jens

Bart_Heungens
Honored Contributor

Re: Single Sign on doesn't work after System Management Homepage update

Hi Jens,

 

No I am not using a separate CA...

 

 

Kr,

Bart

--------------------------------------------------------------------------------
If my post was useful, click on my KUDOS! "White Star" !
consolero
Advisor

Re: Single Sign on doesn't work after System Management Homepage update

Hi,

 

I fixed the problem with the CRL by signing a new SIM Certificate (2048) with my CA.

But the next problem is already here:

The SIM server uses a self-signing certificate (1024) for the SSO and not my new cert from the CA.

 

Is this a new thing with SIM 7 or why does he take this one?

 

nik

 

Jens Ey
Frequent Advisor

Re: Single Sign on doesn't work after System Management Homepage update

Hi,

 

Did you change the SIM certificate or the SMH certificate of the SIM server?

 

SIM certificates must be changed in SIM (Options / Security / HP Systems Insight Manager Server Certificate) using the button "Import" where you can create a new request and import it later.

 

After import the SIM has to be rebooted.

 

I also tried to generate a new CA signed certificate for the SIM (and even setting up a complete new SIM) but had no luck...

 

Jens