Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- User Administration
- Allow Non-Administrator Users to Start and Stop the HPE CSA or Marketplace Portal Service on Windows
- Allow the CSA, Marketplace Portal, and Global Services to be Run as a Non-Administrator User on Windows
- Change CSA Built-In User Accounts
- Account Lockout Mechanism for Cloud Service Management Console
Change CSA Built-In User Accounts
CSA ships with built-in user accounts. The user accounts are used to authenticate REST API calls and for initial setup and experimentation with the product. For security reasons, you may want to disable or change the passwords associated with these accounts (do not change the usernames).
Note
Do not create users in your LDAP directory that match the built-in users provided by
CSA: csaCatalogAggregationTransportUser
,
csaReportingUser
,ooInboundUser
, and codarintegrationUse
.
Creating the same users in LDAP may allow the CSA built-in users unintended access to the
Cloud Service Management Console or give the LDAP users unintended privileges.
Note: When you change or create passwords, you can use these special characters: ~ `! @ # $ % * ( ) _ - + = { } [ ] \ / : ; [space] ?
CSA does not support these characters: ^ & | " . > , <
Cloud Service Management Console User Accounts
The following users are shipped with CSA and are used with the Cloud Service Management Console:
Username | admin |
Default Password | cloud |
Default Role | ROLE_REST |
Usage | This account is used to initially log in to the Cloud Service Management Console to configure the provider organization. |
To Disable |
Edit the
Note
This property not only determines if the account is enabled, it also
contains the password and the roles that control access
to CSA.
See Encrypt a password
for instructions about how to encrypt this value).
The encrypted value is preceded by |
To Change Password |
If you change the password to this account, you must update the value of the password in the Updating the admin property in provider-users.properties Edit the Note This property not only contains the password, but also the roles that control access
to CSA
and if the account is enabled. Updating the securityAdminPassword property in csa.properties Edit the
securityAdminPassword property.
Regenerate the newpassword for admin in the below format: For IDM Configuration (in file provider-users.properties) following value should be encrypted: For csa.properties – Password should be encrypted as: “newpassword” After modifying the |
Username | consumerAdmin |
Default Password | cloud |
Default Role | CONSUMER_ORGANIZATION_ADMINISTRATOR |
Usage | This account is used to initially log in to the Cloud Service Management Console to configure and manage the sample CSA Consumer organization. |
To Disable |
Edit the
Note
This property not only determines if the account is enabled, it also
contains the password and the roles that control access
to CSA.
See Encrypt a password
for instructions about how to encrypt this value).
The encrypted value is preceded by For consumerAdmin (in file consumer-users.properties) following value should be encrypted: newpassword,CONSUMER_ORGANIZATION_ADMINISTRATOR,enabled |
To Change Password |
Edit the Note This property not only contains the password, but also the roles that control access
to CSA
and if the account is enabled. |
Username | csaCatalogAggregationTransportUser |
Default Password | cloud |
Usage | This account is used to authenticate REST API calls. |
To Disable | Do not disable this account. |
To Change Password |
If you change the password
to this account, you must update the value of the
Edit the
securityCatalogAggregationTransportUserPassword property.
Determine a suitable new password
(see Encrypt a password
for instructions).
An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.
Ensure there is no blank space at the end of the value.
After modifying the |
Username | csaReportingUser |
Default Password | cloud |
Default Roles | ROLE_REST, ROLE_DYNAMIC |
Usage | This account is used when a subscription is ordered or modified and a field for the subscription includes a dynamically generated list. The dynamically generated list is a subscriber option property configured to use a dynamic query. The dynamic query uses this account to access CSA to determine the values that will appear in the list. This account has read-only access to CSA . |
To Disable | Do not disable this account. |
To Change Password |
If you change the password to this account, you must update the value of the password in the Updating the csaReportingUser property in provider-users.properties Edit the Note This property not only contains the password, but also the roles that control access
to CSA
and if the account is enabled. Updating the securityCsaReportingUserPassword property in csa.properties Edit the
securityCsaReportingUserPassword property.
Regenerate the newpassword for csaReportingUser in the below format: For IDM Configuration (in file provider-users.properties) following value should be encrypted: For csa.properties – Password should be encrypted as: “newpassword” After modifying the |
Username | csaTransportUser |
Default Password | csaTransportUser |
Usage | This account is used to authenticate REST API calls. |
To Disable | Do not disable this account. |
To Change Password |
If you change the password
to this account, you must update the value of the
Updating the securityTransportPassword property in csa.properties Edit the
securityTransportPassword property.
Determine a suitable new password
(see Encrypt a password
for instructions).
An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.
Ensure there is no blank space at the end of the value.
Updating the idm.csa.password property in applicationContext.properties Edit the Regenerate the newpassword for csaTransportUser in the below format: For IDM Configuration (in file provider-users.properties) following value should be encrypted: For csa.properties – Password should be encrypted as: “newpassword” After modifying and saving the changes to the files, restart CSA. See Restart CSA for instructions. |
Username | idmTransportUser |
Default Password | idmTransportUser |
Default Roles | ROLE_ADMIN, PERM_IMPERSONATE |
Usage | This account is used to authenticate REST API calls. |
To Disable | Do not disable this account. |
To Change Password |
If you change the password
to this account, you must update the value of the
Updating the securityIdmTransportUserPassword property in csa.properties Edit the
securityIdmTransportUserPassword property.
Determine a suitable new password
(see Encrypt a password
for instructions).
An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.
Ensure there is no blank space at the end of the value.
For idmTransportUser (in file provider-users.properties) following value should be encrypted:
Updating the idmTransportUser property in integrationusers.properties Note This property not only contains the password, but also the roles that control access
to CSA
and if the account is enabled. Edit the |
Updating the password attribute in mpp.json Edit the
password attribute in the idmProvider section and the keyfile attribute.
Use the same password that you used for the
securityIdmTransportUserPassword property in the
csa.properties file and
encrypt this password using the password utility
that is provided by the Marketplace Portal:
Clearing the JBoss server and web browser caches After modifying and saving the changes to the files, clear the JBoss server and web browser caches. To clear the JBoss server cache, remove the contents from the See Clear the web browser cache for information about how to clear the web browser cache. Restarting CSA After making these changes, restart CSA. See Restart CSA for instructions about how to restart CSA and the Marketplace Portal. |
Username | ooInboundUser |
Default Password | cloud |
Default Role | ROLE_REST |
Usage | This account is used by Operations Orchestration to authenticate REST API calls with CSA. |
To Disable | Do not disable this account. |
To Change Password |
If you change the password to this account, you must update the value of the password in the Updating the ooInboundUser property in provider-users.properties Edit the Note This property not only contains the password, but also the roles that control access
to CSA
and if the account is enabled. You must also update and use the same password for the CSA_REST_CREDENTIALS system account in Operations Orchestration (located in the Configuration folder of the Public Repository). Updating the securityOoInboundUserPassword property in csa.properties If you change the password
to this account, you must update the value of the
Edit the
securityOoInboundUserPassword property. Use the same encrypted password that you entered for the ooInboundUser property in the provider-users.properties file.
Regenerate the newpassword for ooInboundUser in the below format: For IDM Configuration (in file provider-users.properties) following value should be encrypted: For csa.properties – Password should be encrypted as: “newpassword” After modifying the |
Username | cdaInboundUser |
Default Password | CDA2CSAIntegration! |
Default Role | ROLE_REST |
Usage | This account is used by Continuous Delivery Automation (Continuous Delivery Automation) to authenticate REST API calls with CSA. |
To Disable | Do not disable this account. |
To Change Password |
If you change the password to this account, you must update the value of the password in the Updating the cdaInboundUser property in provider-users.properties Edit the Note This property not only contains the password, but also the roles that control access
to CSA
and if the account is enabled. Updating the securityCdaInboundUserPassword property in csa.properties If you change the password
to this account, you must update the value of the
Edit the
securityCdaInboundUserPassword property. Use the same encrypted password that you entered for the cdaInboundUser property in the provider-users.properties file.
After modifying the |
Marketplace Portal User Account
The following is a sample user that ships with CSA and is used to access the Marketplace Portal:
Username | consumer |
Default Password | cloud |
Default Roles | SERVICE_CONSUMER, ROLE_REST |
Usage | This account is used to initially log in to and experiment with the Marketplace Portal (LDAP does not have to be configured). This user belongs to the "CSA consumer internal group" and is a member of the "CSA Consumer" organization (both the group and organization are provided as samples). |
To Disable |
Edit the
Note
This property not only determines if the account is enabled, it also
contains the password and the roles that control access
to CSA.
See Encrypt a password
for instructions about how to encrypt this value).
The encrypted value is preceded by |
To Change Password |
Edit the For consumer (in file consumer-users.properties) following value should be encrypted:
Note This property not only contains the password, but also the roles that control access
to CSA
and if the account is enabled. |
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to clouddocs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: