Appliance SSO Refresh Required

Scott Caryer · ‎09-07-2023

I am using GD (ver 2.8). Once I log into the GD, I typically access one of my 7 or 8 Oneview (OV) appliances which include my Synergy Composers. Frequently, when I select 1 of my 2 Composers to access from the GD, I get the infarmous "Appliacne SSO refresh Required" screen that pre-populates my login credentials and domain. Even though my password is already filles in by default, I remove the asteriks and retype my known working password for my windows domain and hit OK. It does NOT pass my credentials through and simply highlights the password field and indicates incorrect login credentials. The password is CORRECT. I can simply select the X on the windows and that page goes away and it takes me to either the Login page of the appliance, or it will take me to the home page as if I am already logged into that appliance. This occurs EVERYTIME I select both of my composers, and currently occurs when I select just 1 of my 6 other regular OV appliances. Do I have to periodically login to each OV appliance with my local Administrator account?

Scott Caryer · ‎09-07-2023

Additionally, I have another admin colleague has the same issue on the exact 3 OV appliance.

Composer running on 8.2
Composer running on 8.5
Oneview running on 6.6

Thoughts?

Please advise...Scott

ChrisLynch · ‎09-07-2023

Can you authenticate to your appliance using the same set of credentials directly with your OV appliances? OVGD does not cache credentials, rather it passes through the credentials from the OVGD login screen to the appliances added. Additional things to check:

Appliance HTTP certificate expiration?
Domain Controller Certificate expiration?
DNS name change where it doesn't match the Common Name or any of the Subject Alternate Names (SANs) in the OneView HTTPS certificate?

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Scott Caryer · ‎09-07-2023

Thanks for the feedback Chris!

So the credentials I use when going through the OVGD, do work when I try to access the appliances directly. So I know it is not a password issue.

The OVGD and all the OV appliances that are members of the OVGD have a good working SSL certificate installed. I am not leveraging SANs on the SSL certs so that should not be an issue.

ChrisLynch · ‎09-07-2023

Well, tyipcally this is caused by a certificate issue that doesn't match (appliance hostname doesn't match OV certificate Common Name or SANs) or the certificate has expired.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Scott Caryer · ‎09-07-2023

Let me add this, one of those 3 problematic member appliance does have an alert about the SSL cert that will be expiring within the next 1.5 months, BUT it is NOT expired. So these 3 OV members have something in common for sure...

Scott Caryer · ‎09-07-2023

So 2 of the 3 problematic OV appliances have certs that will expire just over a month from now. Is that possibly the issue? I have tried removing the OV appliances and readding them, and the issue is still persistent. Does the OVGD and the member appliances have to use the SAME domain CA cert?

ChrisLynch · ‎09-07-2023

So 2 of the 3 problematic OV appliances have certs that will expire just over a month from now. Is that possibly the issue?

No. Only when the certs expire will that then become an issue.

Does the OVGD and the member appliances have to use the SAME domain CA cert?

No. However, if you have not imported the CA root chain, then the appliance isn't able to validate the certificates validitiy.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Scott Caryer · ‎09-07-2023

Hey Chris, Do you suggest I open a case?

ChrisLynch · ‎09-07-2023

Yes, I would recommend you do.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Daisy785 · ‎05-23-2024

To ensure the security and optimal performance of our system, an appliance SSO ID (Single Sign-On) refresh is required. This refresh will enhance user authentication processes, provide better protection against unauthorized access, and streamline user experience across our services. The update will take place on [specific date/time], and minimal downtime is expected. Please save your work and log out before the scheduled maintenance to avoid any disruptions. If you encounter any issues post-update, contact the IT support team immediately for assistance. Your cooperation and understanding are greatly appreciated.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Appliance SSO Refresh Required

Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required

Re: Appliance SSO Refresh Required