Re: Single Sign On between SMH and HPSIM using self-signed certificates (1104 Views)
Reply
Occasional Advisor
AndreasF
Posts: 7
Registered: ‎06-07-2013
Message 1 of 11 (1,219 Views)

Single Sign On between SMH and HPSIM using self-signed certificates

Hi all,

 

the SSO feature seems to be broken after upgrading the environment to HPSIM 7.3 and SMH 7.3.1.4. If I click on the 'System Management Homepage' link within HPSIM, I've got the logon page from the SMH of the target system.

 

I use self-signed certificates of HPSIM and the certificate is successfully imported into SMH's certificate store.

 

Are there any hints to solve this problem?

 

Thanks in advance

Andreas

Trusted Contributor
Andrew_Haak
Posts: 460
Registered: ‎09-13-2013
Message 2 of 11 (1,203 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Hello there,

 

could it be that it was already broken with 7.2?

 

There was a switch from 1024 bits cetrificates to 2048 bits. You should run a repair under configure, only set the set trust option. If you have sign-in credentials you should be able to set the new certificate. If that does not work fix one server by hand and delete thd old certificate and leave the new one in tacked. The replicate the certificate to the other servers.

 

Kind regards,

 

Andrew

Kind regards,

Andrew
Occasional Advisor
AndreasF
Posts: 7
Registered: ‎06-07-2013
Message 3 of 11 (1,182 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

[ Edited ]

Hi Andrew,

 

thanks for your response. As I remember correctly, the SSO with HSIM 7.2/SMH 7.2 runs without problems.  

I ran the 'Configure and Repair Agents' option with the suggested options and got the following result:

 

Set Trust relationship to "Trust by Certificate"
Set Trust relationship to "Trust by Certificate" ................... [SUCCESS] 
Added this instance of HP SIM to the trusted certificate list for System Management Homepage 2.0 or later.


Successfully restarted necessary management applications to ensure that all successful changes will be effective.

Re-identifying system to get updated information ...
Re-identification of system .................................... [SUCCESS]

Checking whether the HP SIM CMS can login to the SMH URL " https://<FQDN>:2381/ "
Unable to login to the SMH using certificate.................... [WARNING]
Check the system link configuration by going to "Options->Security->System Link Configuration".

 

The System Link Configuration ist set to 'Use the system's full DNS name.'. On the target system is SMH 7.3.1.4 installed.

Furthermore I removed the CMS certificate on the target client and startet the repair process again - the result was the same... Are there any logs with detailed information regarding the repair process?

 

Best regards

Andreas

Trusted Contributor
Andrew_Haak
Posts: 460
Registered: ‎09-13-2013
Message 4 of 11 (1,161 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Hello again,

 

No not that i know of, If you look at the installed certificates, is there only one ?

 

Kind regards,

 

Andrew

Kind regards,

Andrew
Occasional Advisor
AndreasF
Posts: 7
Registered: ‎06-07-2013
Message 5 of 11 (1,151 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Hi Andrew,

 

yes it is only one certificate listed (which was imported from the CMS). As I noticed this certificate uses a 1024 bit key. 

 

Which certificate uses HPSIM for SSO? I thought the one under Options --> Security --> HP Systems Insight Manager Server Certificate, but this one is uses a 2024 bit key and all other data (like fingerprint, expiration date and so on) differs from the data of the imported key within the SMH...

 

Kind regards

Andreas

Advisor
H. Schöbel
Posts: 18
Registered: ‎04-01-2007
Message 6 of 11 (1,147 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Same here. No SSO to SMH from Insight possible since 7.3. SSO to iLo is functional. I tried everythin possible to solve that problem. Last versions of all installed... Hope you can find the solution... This is also relevant for the VCRM which is in our system also on the Insight Server.

 

...Hagen

Trusted Contributor
Andrew_Haak
Posts: 460
Registered: ‎09-13-2013
Message 7 of 11 (1,138 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Hello,

 

Did you try to export the 2048 certificate and try to import the text with paste in the HP System Management Homepage under Settings > Security > Trusted Management Servers, click on details of the current installed certificate and look for "

Public-Key: (1024 bit)" or 2048 bit. Is the certificate 1024 or 2048 bits ? Now first delete any existing Certificates. Now paste the 2048 certificate in the Add Certificate Data and click on the import button. Does the trust work from SIM ?

 

When you signed in with Windows credentials wait for some time for the sign-in to expire until you click on the System Management Homepage link in SIM. If this work and your original certificate was 1024 the problem is that when the System Management Homepage collects it's certificate from the SIm server it collects a 1024 bits certificate.

 

If this works you can do a replicate of the certificate to your other servers.

 

Kind regards,

 

Andrew

 

 

 

 

Kind regards,

Andrew
Occasional Advisor
AndreasF
Posts: 7
Registered: ‎06-07-2013
Message 8 of 11 (1,133 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Hi,

 

yes I tried to import and use the 2048bit certificate - but without success. The result is the same: I've got the SMH logon screen if I click on HP System Management Homepage link. I am not sure which certificate HPSIM for authentication use.

 

Regards

Andreas

Occasional Advisor
Alfred Steinberg_1
Posts: 6
Registered: ‎02-23-2004
Message 9 of 11 (1,104 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Try to change the System Link Configuration to "use the system IP address", this seems to work.

Occasional Advisor
AndreasF
Posts: 7
Registered: ‎06-07-2013
Message 10 of 11 (1,081 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

[ Edited ]

Hi all,

 

I replaced my HPSIM 7.3 installation with an new one of 7.2. From my point of view there are too many problems with the new version. As a good side effect, I've got all warranty information with remote support advanced too.

 

Best regards

Andreas

Occasional Advisor
jdance
Posts: 5
Registered: ‎07-13-2010
Message 11 of 11 (492 Views)

Re: Single Sign On between SMH and HPSIM using self-signed certificates

Switching to IP address worked for me.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.