Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Cloud Service Automation4.80.0002

Administer > HA Configuration > Configure the CSA node > Configure CSA on each CSA node > Configure SSO

Configure Single Sign-On

If you have integrated Single Sign-On (SSO) between CSA and another application (such as Operations Orchestration), you must configure SSO on the CSA node.

Open the CSA_HOME/jboss-as/standalone/deployments/idm-service.war/WEB-INF/hpssoConfig.xml file in a text editor.
Locate the following content:

<onFailure> . . . <action name="redirectToAP"> <targetUrl>https://[CSA_NODE_HOSTNAME]:[CSA_NODE_PORT]/csa/login</targetUrl> </action>
Replace [CSA_NODE_HOSTNAME] and [CSA_NODE_PORT] as follows:

For Load balancer:

Replace [CSA_NODE_HOSTNAME] with LOAD_BALANCER_HOSTNAME) and the virtual host port for the CSA nodes (LOAD_BALANCER_CSA_HTTPS_PORT). For example:

<onFailure> . . . <action name="redirectToAP"> <targetUrl>https://load_balancer.xyz.com:8443/csa/login</targetUrl> </action>

For Apache load balancer:

Replace [CSA_NODE_HOSTNAME] with APACHE_LOAD_BALANCER_HOSTNAME) and the virtual host port for the CSA nodes (APACHE_LOAD_BALANCER_CSA_HTTPS_PORT). For example:

<onFailure> . . . <action name="redirectToAP"> <targetUrl>https://apache_load_balancer.xyz.com:8443/csa/login</targetUrl> </action>
Locate the initString value in the crypto element. The initString setting for CSA must be the same value for all nodes in the cluster and any applications (such as Operations Orchestration) that are integrated with Single Sign-On. The initString value represents a secret key and should be treated as such in your environment.
Copy the initString value to the CSA_HOME/jboss-as/standalone/deployments/idm-service.war/WEB-INF/hpssoConfig.xml file on all other nodes in the cluster.
Copy the initString value to the CSA_HOME/jboss-as/standalone/deployments/idm-service.war/WEB-INF/hpssoConfig.xml file on this and all other nodes in the cluster.
Configure this initString value in any applications that are integrated with CSA using Single Sign-On, including Operation Orchestration.

Workflow Designer Configuration - SSO

Open the CSA_HOME/jboss-as/standalone/deployments/idm-service.war/WEB-INF/hpssoConfig.xml file on first CSA node in text editor and locate the initString value in crypto element.

Example:

<crypto initString="2kDcHB0eOHrHcAGeArIPr7TNfuivOpKqjj29SwKOQIoI" cipherType="symmetricBlockCipher" engineName="AES"

paddingMode="CBC" keySize="256" encodingMode="Base64Url" algorithmPaddingName="PKCS7Padding" checkIntegrity="disabled"

cryptoSource="lw" directKeyEncoded="false" directKeyEncoding="Hex" jcePbeAlgorithmName="PBEWithHmacSHA1"

jcePbeMacAlgorithmName="PBEWithHmacSHA1" macAlgorithmName="SHA1" macKeySize="256" macPbeCount="20" macType="hmac"

pbeCount="20" pbeDigestAlgorithm="SHA1"/>

If not already done, copy this initString to CSA_HOME/jboss-as/standalone/deployments/idm-service.war/WEB-INF/hpssoConfig.xml of all other CSA nodes.

Create encrypted version of initString with encrypt-password script. When prompted for password, provide the initString to the script:

sh# cd $CSA_HOME/workflow-designer/designer/bin

sh# ./encrypt_password

Password (typing will be hidden):

Confirm password (typing will be hidden):

{ENCRYPTED}xxts33/07Dtyz0iZ3eOQhzFVuqXvZ7KK6wDNm1A4E5+byAxlDZ+lHzwNRPvLgqXf

sh#

Edit the file CSA_HOME/workflow-designer/designer/var/securitysecured.properties on every CSA node.

Add/Edit the lwsso.initString property with the encrypted initString from encrypt-password sript:

#This is for limit the size of single CP upload, default 200MB

upload.max.fileSize.limit = 209715200

#This is for limit the number of parallel CP creation

max.parallel.cp.creation = 30

#This is for limit the number of parallel CP upload

max.parallel.cp.upload = 50

is.secured.cookie = true

lwsso.initString = {ENCRYPTED}xxts33/07Dtyz0iZ3eOQhzFVuqXvZ7KK6wDNm1A4E5+byAxlDZ+lHzwNRPvLgqXf

Edit file CSA_HOME/workflow-designer/designer/tomcat/conf/server.xml on every CSA node. Locate Engine element and add jvmRoute property with unique node name for every workflow-designer node:

Engine element in server.xml file:

<Engine defaultHost="localhost" name="Catalina">

On first node change to:

<Engine defaultHost="localhost" name="Catalina" jvmRoute="ood1">

On second node change to:

<Engine defaultHost="localhost" name="Catalina" jvmRoute="ood2">

...

Restart workflow-designer on every node using command: CSA_HOME/workflow-designer/designer/bin/designer restart

Send Help Center feedback