LDAP - Trusted Sign On in Windows Client - Sm 9.30 (1152 Views)
Advisor
Peeves02
Posts: 38
Registered: ‎04-22-2009
Message 1 of 12 (1,152 Views)

LDAP - Trusted Sign On in Windows Client - Sm 9.30

1. Windows 2008 64-bit, HP SM 9.30

2. sm.ini has the following parameters (aside from the normal stuff that goes in it):

sslConnector:0
trustedsignon:1
#ldap settings
ldapauthenticateonly
ldapnostrictlogin:1
ldapbinddn:thisID@thisDomain
ldapbindpass:thispassword

3. I have added an operator and contact records that match my Windows login ID.

4. I have set up the scldapconfig to have values on the following entries:

LDAP server: thisserver

LDAP port: 389

LDAP base directory: thisvalue

5. I have set up a file/field level mapping to file operator with values on the following:

contact.name - sAMAccountName

email - mail

full.name = displayName

name = sAMAccountName

When I log in to SM using my Windows client and manually type my ID and password, I can log on just fine, and I can see in the log file that it's querying the LDAP for entries where sAMAccountName is equal to my ID. Which is fine.

But when I tried to log in to the Windows client while the Trusted Sign-On button is clicked (which means I don't have to manually type my ID and password), I get the following error message in the log file:

 2988( 3596) 03/19/2012 12:12:05 RTE W Sending 401 Not Authorized challenge
 2988( 2724) 03/19/2012 12:12:05 JRTE W Send error response: A CXmlApiException was raised in native code : error 20 : scxmlapi(20) - Authentication failure
 2988( 3596) 03/19/2012 12:12:05 JRTE I Termination signal: 0

Any ideas would be greatly appreciated.

Frequent Visitor
Divya_KN
Posts: 2
Registered: ‎12-22-2011
Message 2 of 12 (1,150 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

Do you have SSL configured? Is SSL configured fine and working?

Advisor
Peeves02
Posts: 38
Registered: ‎04-22-2009
Message 3 of 12 (1,144 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

No, I'm not planning to use SSL.  Is that a pre-req for trusted sign-on in Windows Client?

Honored Contributor
ramesh9
Posts: 958
Registered: ‎04-19-2011
Message 4 of 12 (1,141 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

Hi,

Please post the sm.cfg and sm.ini files from the SM environment.

Also, please tell us whether the following has been performed:

1. Whether the SM server keystore files have been generated and whether the serverkeystore file has been placed in the SM server RUN folder?

2. Whether the SM client keystore file has been generated and whether the client keystore file has been placed in the SM Windows client folder, for example under the \plugins folder

3. In the SM Windows client, whether you have set the preferences for SM to look for certificates when the SM operator logs in?

Honored Contributor
ramesh9
Posts: 958
Registered: ‎04-19-2011
Message 5 of 12 (1,140 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

Yes, SSL is a pre-requisite for the Trusted Sign on feature.

Please follow the SM Quick and Dirty guide for Trusted Sign on to implement the feature.

Frequent Visitor
Divya_KN
Posts: 2
Registered: ‎12-22-2011
Message 6 of 12 (1,136 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

Service Manager 9.30 only supports trusted sign-on with SSL enabled and the ssl_reqClientAuth parameter set to "2". To use trusted sign-on, you must first add your web tier and Windows clients to a domain.

Hope this helps.

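A check for the two settings named in message 6, as an added example that is not part of the original thread and is not HP code: it parses sm.ini-style text and reports when trustedsignon:1 is set without SSL enabled and ssl_reqClientAuth:2. It assumes sslConnector:1 is the value that enables SSL; the function names are hypothetical, and keystore placement is not checked.

```python
# Added example (not HP code): check sm.ini text against the trusted sign-on
# prerequisites stated in this thread for Service Manager 9.30.

def parse_sm_ini(text):
    """Parse 'name:value' lines; '#' starts a comment; a bare name is a flag."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")  # split on the first colon only
        params[name.strip()] = value.strip() if sep else None
    return params


def check_trusted_signon(params):
    """Return findings; an empty list means both stated prerequisites are met."""
    if params.get("trustedsignon") != "1":
        return []  # trusted sign-on not requested, nothing to verify
    findings = []
    # Assumption: sslConnector:1 enables SSL (the thread only shows :0, SSL off).
    if params.get("sslConnector") != "1":
        findings.append("sslConnector=%s: SSL must be enabled for trusted sign-on"
                        % params.get("sslConnector"))
    if params.get("ssl_reqClientAuth") != "2":
        findings.append("ssl_reqClientAuth=%s: must be 2 for trusted sign-on"
                        % params.get("ssl_reqClientAuth"))
    return findings


# Parameters as posted in message 1 of this thread.
POSTED_SM_INI = """\
sslConnector:0
trustedsignon:1
#ldap settings
ldapauthenticateonly
ldapnostrictlogin:1
ldapbinddn:thisID@thisDomain
ldapbindpass:thispassword
"""

# Constructed variant with the two settings changed as message 6 describes.
ADJUSTED_SM_INI = POSTED_SM_INI.replace(
    "sslConnector:0", "sslConnector:1\nssl_reqClientAuth:2")

if __name__ == "__main__":
    for label, text in (("posted", POSTED_SM_INI), ("adjusted", ADJUSTED_SM_INI)):
        print(label, check_trusted_signon(parse_sm_ini(text)) or "OK")
```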
Advisor
Peeves02
Posts: 38
Registered: ‎04-22-2009
Message 7 of 12 (1,120 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

Thanks Divya. I was able to implement SSO and Trusted Sign-on on the Windows client using SM 9.21 on one of our clients without using any SSL.

I used the same steps that I used before and it's not working with SM 9.30.

Occasional Visitor
KrustyTheClown
Posts: 1
Registered: ‎04-05-2012
Message 8 of 12 (1,086 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

SSO for SM 9.3 has been totally hosed by Mordac, The Preventer of IT Services. And I thought he was just a comic strip character in Dilbert! This means you have to put Certificates on everything to do SSO, because if you don't something bad might happen, even on a closed network with no internet access.

Peeves02 wrote:

Thanks Divya. I was able to implement SSO and Trusted Sign-on on windows client using SM 9.21 on one of our clients without using any SSL.

I used the same steps that I used before and it's not working with SM 9.30.

Of course, HP didn't think about the bad things that would happen by requiring SSL, like losing customers, and of lesser importance, consultants that would otherwise want to work on this stuff.

Regular Advisor
John_Baker
Posts: 88
Registered: ‎07-10-2009
Message 9 of 12 (1,072 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

SSO for SM is easy if you've got the right product. At this point in time, SM does not ship with an SSO solution hence why we've produced SSO Plugin for SM.

John

Advisor
piku-aryanrj
Posts: 14
Registered: ‎11-10-2011
Message 10 of 12 (1,057 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

Hi,

We have successfully implemented SSO in SM9.30. And in SM9.30 SSL is a must to implement the SSO.

Rahul

Rahul Jain
Valued Contributor
lss123
Posts: 74
Registered: ‎06-29-2011
Message 11 of 12 (1,052 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

Just confirming what the person above me said.  SSO with SM 9.30 is possible, and it does require SSL.  I've set it up many times.  For those new to implementing it, get SSL working first, then do SSO - do one at a time.  If you're new to do both and you make a mistake, it's hard to tell if it's SSO-related or SSL-related.

Regular Visitor
JustinUrb
Posts: 1
Registered: ‎05-23-2010
Message 12 of 12 (847 Views)

Re: LDAP - Trusted Sign On in Windows Client - Sm 9.30

I have the same problem as the original poster: I get an Authentication Error when using the trusted sign-on radio button.
I have SSL configured and working, and the "trustedsignon:1" parameter in my sm.cfg file. Is there something else required for the TSO to work? Currently I am only trying to enable this on the full Windows client.
