02-19-2014 05:39 AM
the SSO feature seems to be broken after upgrading the environment to HPSIM 7.3 and SMH 220.127.116.11. If I click on the 'System Management Homepage' link within HPSIM, I've got the logon page from the SMH of the target system.
I use self-signed certificates of HPSIM and the certificate is successfully imported into SMH's certificate store.
Are there any hints to solve this problem?
Thanks in advance
02-19-2014 08:04 AM
could it be that it was already broken with 7.2?
There was a switch from 1024 bits cetrificates to 2048 bits. You should run a repair under configure, only set the set trust option. If you have sign-in credentials you should be able to set the new certificate. If that does not work fix one server by hand and delete thd old certificate and leave the new one in tacked. The replicate the certificate to the other servers.
02-25-2014 01:47 AM - edited 02-25-2014 02:37 AM
thanks for your response. As I remember correctly, the SSO with HSIM 7.2/SMH 7.2 runs without problems.
I ran the 'Configure and Repair Agents' option with the suggested options and got the following result:
Set Trust relationship to "Trust by Certificate"
Set Trust relationship to "Trust by Certificate" ................... [SUCCESS]
Added this instance of HP SIM to the trusted certificate list for System Management Homepage 2.0 or later.
Successfully restarted necessary management applications to ensure that all successful changes will be effective.
Re-identifying system to get updated information ...
Re-identification of system .................................... [SUCCESS]
Checking whether the HP SIM CMS can login to the SMH URL " https://<FQDN>:2381/ "
Unable to login to the SMH using certificate.................... [WARNING]
Check the system link configuration by going to "Options->Security->System Link Configuration".
The System Link Configuration ist set to 'Use the system's full DNS name.'. On the target system is SMH 18.104.22.168 installed.
Furthermore I removed the CMS certificate on the target client and startet the repair process again - the result was the same... Are there any logs with detailed information regarding the repair process?
02-25-2014 05:51 AM
No not that i know of, If you look at the installed certificates, is there only one ?
02-26-2014 12:21 AM
yes it is only one certificate listed (which was imported from the CMS). As I noticed this certificate uses a 1024 bit key.
Which certificate uses HPSIM for SSO? I thought the one under Options --> Security --> HP Systems Insight Manager Server Certificate, but this one is uses a 2024 bit key and all other data (like fingerprint, expiration date and so on) differs from the data of the imported key within the SMH...
02-26-2014 12:57 AM
Same here. No SSO to SMH from Insight possible since 7.3. SSO to iLo is functional. I tried everythin possible to solve that problem. Last versions of all installed... Hope you can find the solution... This is also relevant for the VCRM which is in our system also on the Insight Server.
02-26-2014 02:10 AM
Did you try to export the 2048 certificate and try to import the text with paste in the HP System Management Homepage under Settings > Security > Trusted Management Servers, click on details of the current installed certificate and look for "
Public-Key: (1024 bit)" or 2048 bit. Is the certificate 1024 or 2048 bits ? Now first delete any existing Certificates. Now paste the 2048 certificate in the Add Certificate Data and click on the import button. Does the trust work from SIM ?
When you signed in with Windows credentials wait for some time for the sign-in to expire until you click on the System Management Homepage link in SIM. If this work and your original certificate was 1024 the problem is that when the System Management Homepage collects it's certificate from the SIm server it collects a 1024 bits certificate.
If this works you can do a replicate of the certificate to your other servers.
02-26-2014 06:29 AM
yes I tried to import and use the 2048bit certificate - but without success. The result is the same: I've got the SMH logon screen if I click on HP System Management Homepage link. I am not sure which certificate HPSIM for authentication use.
03-12-2014 07:30 AM - edited 03-12-2014 07:32 AM
I replaced my HPSIM 7.3 installation with an new one of 7.2. From my point of view there are too many problems with the new version. As a good side effect, I've got all warranty information with remote support advanced too.