02-22-2011 06:26 AM
just few questions regarding this:
1) Is SSL necessary to implement a single sign-on feature?
2) We've combination of MS Server 2008 R2 which runs Apache (as a web tier). Is IIS "must" to have a SSO feature or are Windows workstation and Apache able to do the user recognizion alone?
Any recently updated manual/guide to build succesful SSO in welcome. I've read many threads and guides, but they're often SM7.11 era or older. Which means IIS has changed since as well as Service Manager itself...
Solved! Go to Solution.
02-22-2011 07:10 AM
The scripts you just need to make are at the end.
The reason SSL is recommended is because you are passing usernames and passwords between locations. You can also setup a certificate(self-signed or verified) for IIS and that will help with the Web-tier too.
The service manager help file "Configure LW-SSO for Service Manager" was useful to get the client sso working.
Also to know what the ini configuratio nsettings and commands do, the help "List: SSL Parameters" will be of great service.
02-23-2011 01:09 AM
One question regarding that document - already at a step is a phrase "Make sure you have set up SM properly with a web client running using Tomcat/IIS 6.0 with ISAPI filter".
Currently we connect to Service Manager web tier on Apache Tomcat. Does this document expect that before implementing changes that I should be able to login to Service Manager (using username/password) which is running still in Apache Tomcat, but connection is handled by IIS7?
And if so, is there a documentation how to do this and how to test that Service Manager on IIS7 works?
02-23-2011 06:37 AM
For the directions I have attached them. I am assuming you are talking strictly about steps 10 and 11 which is why those are the only two I added.
To be fully honest these directions are accurate. They worked for me for SSL and SSO. Yes I had to make some accomodations by reading the "Help" information on SSL parameters, but you cant get away with not understanding the system and just following directions.
Other important notes about implementing on SM 9.21 vs 7:
The application-context.xml will effect the web-portal login/authentication. If the web-page says it cannot display this page when this is turned on it's because you have to add your account that you are currently logged in to for your domain, to the system.
The sm.ini will have sslConnector:0, I set it to 1 for it to work.
I did not do the "isapi filter" directions. They just broke my system. Skip to the sm.cfg wit the stipulation to ignore the "initstring password" if you didnt set one up.
At this point I follow the LW-SSO directions from the help. In these directions the webui enabled="false" instead of true. We also skipped step 5 as it didnt work with SSO because it changes the web-login authentication.
So in short make sure your ServiceManager is working before following these directions. You may have to have already known and setup accounts, the default admin(I believe is falcon). Then, run these directions, then if the eclipse login isnt working try the help guide "Configure LW-SSO in Service Manager" with my stipulations and you should be working.
02-25-2011 12:45 AM
Again thanks for your reply. You wrote:
"I did not do the "isapi filter" directions. They just broke my system. Skip to the sm.cfg wit the stipulation to ignore the "initstring password" if you didnt set one up."
Well, actually my first question was about the first step on the instructions but thanks for updating other steps. First step tells that I should have already running Apache/IIS system with ISAPI filter before attempting single signon tweaks. Could you please tell is this ISAPI filter really needed? When I checked LW-SSO instructions from Service Manager help it wasn't mentioned at all?
I'm a bit puzzled with all these instructions which seem to vary quite a lot? Has anybody succeeded to make a single signon work with instuctions listed in SM920 help document "Configuring HP Service Manager to Use the SSL-based Tusted Sign-On and LW-SSO"?
03-01-2011 06:39 AM
MSDN has a good read about ISAPI and what it does. But so you know "ISAPI filters always run on an IIS server." So whether or not you use it it will be available for later use.
I did read the guide from the Help but I got a better understanding from the guide previouslly attached.
10-12-2011 01:20 PM
I have setup webclient via Tomcat. And also IIS 7 is installed on my win 2008 server (64 bit). i have configured all the parts of redirecting the IIS to tomcat.
When I type : http://localhost --- it will open my Tomcat Manager Page.
Under that My SM webtier has been deployed. I need to implement SSO here . Please help me to configure here.
I have a SM/INDEX.DO OR ESS.DO link on my company' intranet page. As and when we click on that authentication should be automatically done with bypassing the login screen of HPSM.
Please help me in this regards. Need ur immediate help.
mail id : firstname.lastname@example.org ; email@example.com
12-02-2012 06:06 AM
I have come across same kind of issue.
We have single sign on enabled and its every time asking for windows credentials while users were already logged into the web portal
COuld you please help me, how can we stop the pop ups which comeup asking for credentials every time. If we check remember password , still it keeps asking.
Please help me solve this issue, hw can i stop the pop ups .
I did all changes which needed from the browser internet options side, but still no luck,
10-24-2013 07:58 AM
Please, can you tell me how make it the SSO implementation? We follow the documents on our labs without success. We have a Win Server 2008 with IIS 6.0, and we can't see activity on (by example) the isapi_redirect log file...