UCMDB and UD Practitioners Forum (Previously CMS)
Showing results for 
Search instead for 
Do you mean 

LWSSO and ucmdb_lwsso_conf.xml

Advisor

LWSSO and ucmdb_lwsso_conf.xml

Hello Experts,

 

I can't manage to configure LWSSO on UCMDB. I get the following message on log file security.lwsso:

 

<2013-08-13 14:22:11,834> [INFO ] [WrapperSimpleAppMain] - Building of configuration completed in 1469 milliseconds.
<2013-08-13 14:22:28,319> [INFO ] [WrapperSimpleAppMain] - initializing LWSSO from file [lwsso/ucmdb_lwsso_conf.xml].
<2013-08-13 14:22:31,882> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.
<2013-08-13 14:22:31,897> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.
<2013-08-13 14:22:31,897> [INFO ] [WrapperSimpleAppMain] - Building of configuration completed in 3578 milliseconds.
<2013-08-13 14:22:36,632> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.
<2013-08-13 14:22:36,694> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.

 

I tried configuring the initString through the Infrastructure configuration menu and also through JMX Console. But I keep getting the message above.

 

Whenever LWSSO is disabled I am able to login with Active Directory users which are correctly mapped to local groups and correct permissions. However, when I enable LWSSO I can only log in using the system administrator account. Every other try gives me an authentication failure message.

 

I can't find the ucmdb_lwsso_conf.xml file in any of the possible directories in the machine and I have tried creating such file in many locations but I keep getting the same message. Any help on the situation?

5 REPLIES
HPE Expert

Re: LWSSO and ucmdb_lwsso_conf.xml

Hi,

You aren't providign us with UCMDB version info, so I'd refer to latest version. Please find attached Hardening Guide for UCMDB 10.01. Please go over Chapter 6 and p.83 in chapter 7.

Please Be sure you're following the documentation during configuration.

 

Regards
-Dmitry Gomel, PMP
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Click the Like button at the bottom to say 'Thanks'.
Advisor

Re: LWSSO and ucmdb_lwsso_conf.xml

The UCMDB version is 10.00.960.

 

As a matter o fact that is the same guide I have used to try to configure LWSSO.

Following is the configuration retrieved from the mbean in the jmx console.

 

HPE Expert

Re: LWSSO and ucmdb_lwsso_conf.xml

Trusted domains is important part of configuration. It's all depend on how you address to UCMDB. In all cases other then IP you have to provide trusted domain in configuration and FQDN as URL.

 

BTW, I'd recommend you to upgrade to UCMDB 10.01 at your earliest. There are many bugs fixes in the release and Cumulative patches are coming once in a while.

Hope this helps.

Regards
-Dmitry Gomel, PMP
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Click the Like button at the bottom to say 'Thanks'.
Advisor

Re: LWSSO and ucmdb_lwsso_conf.xml

I believed that trusted domains should be used when dealing with a multi-domain environment. Which is not my case.

 

I have realized the following:

 

I have LWSSO already configured in BSM. Whenever I log in at BSM and then open the UCMDB, single sign-on works, enabling me to log in with any user in LDAP. However if I log out with that user and then try to log in again in UCMDB, I get an authentication failure.

 

bsf_security shows the following messages:


2013-08-13 15:42:10,845 [qtp197491295-210] - ValidationPoint can not redirect, since authenicationPointServer [] or authenicationPointURL [secure/authenicationPointURL.jsp] is null.

 

The parameter validation point is actually null in my configurations. Is that mandatory?

HPE Expert

Re: LWSSO and ucmdb_lwsso_conf.xml

HP has a defect opened for removing  WARN  - ValidationPoint can not redirect, since authenicationPointServer [] or authenicationPointURL  from error log.

This is not root cause...

Regards
-Dmitry Gomel, PMP
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Click the Like button at the bottom to say 'Thanks'.
//Add this to "OnDomLoad" event