Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
Configure Codar Console
Complete the following steps to integrate the Codar Console with the Common Access Card:
-
Open the
CSA_HOME\jboss-as\standalone\deployments\file in a text editor and uncomment the following line:
csa.war\WEB-INF\classes\csa.propertiesenableCAC=true -
Extract the user name from the certificate using the username extraction mechanism.
The username extraction mechanism depends on the format of your certificate. The user name extracted from the certificate should match the user names configured in the LDAP configuration configured in CSA. CSA enables you to extract the user name using the SubjectDN and Subject Alternative Name (SAN) mechanisms. To configure the username extraction mechanism you must make the changes to the following properties in the
csa.propertiesfile:Property Description csa.cac.x509Attribute The name of the
X.509certificate attribute from which the user name will be extracted.Set this property to
subjectDN/san/subjectDN,san. If this property is set to contain both attributes such assubjectDN,sanorsan,subjectDN, then username will be extracted from thesubjectDNattribute only if the SAN attribute is not present in the certificate. If this property is not set, then the default value for the property is "subjectDN".csa.cac.regex The regular expression used to extract a user name from the subjectDN X.509attribute. If this property is not set, then the default for regex isCN= (.*?). This property need not be set if the propertycsa.cac.x509Attributeis set to "san".csa.cac.san.type The type of the subject alternative name. The allowed types are othernameandrfc822name. If this property is not set, then the default value for the property isotherName. This property need not be set ifcsa.cac.x509Attributeis set to "subjectDN". -
Navigate to the
CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\directory. -
Make a backup copy of the
applicationContext-security.xmlfile. - Update the Spring Security configuration. Open the
CSA_HOME\jboss-as\standalone\deployments\csa.war\file in a text editor and make the following changes:
WEB-INF\applicationContext-security.xmlLocate the comment "Pre-authentication for CAC" and uncomment the following line:
<security:authentication-provider ref="customX509AttrPreAuthAuthProvider"/>Locate and uncomment both occurrences the following line:
<custom-filter position="LAST" ref="cacFilter" />Note The
<custom-filter position="LAST" ref="cacFilter" />line defines the custom filter to be used and specifies that it will need to be set as the LAST filter in the chain of filters.Locate and uncomment both occurrences the following line:
<custom-filter position="X509_FILTER" ref="cacX509AuthenticationFilter" />Note The URL must start with
http://and cannot start with justwww.Locate the comment
Bean definitions for CACand uncomment the content that follows it:<beans:bean id="cacUserDetailsService" class="com.hp.csa.authn.impl.CACUserDetailsServiceImpl"> <beans:property name="restRole" value="ROLE_REST" /> </beans:bean> <beans:bean id="cacFilter" class="com.hp.csa.security.CACFilter" /> <beans:bean id="cacX509AuthenticationFilter" class="org.springframework.security.web.authentication.preauth.x509.X50 9AuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="principalExtractor" ref="customX509Extractor" /> </beans:bean> <beans:bean id="customX509AttrPreAuthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthe nticatedAuthenticationProvider"> <beans:property name="preAuthenticatedUserDetailsService" ref="customAuthenticationUserDetailsService" /> </beans:bean> <beans:bean id="customAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameS erviceWrapper"> <beans:property name="userDetailsService" ref="cacUserDetailsService" /> </beans:bean> <beans:bean id="customX509Extractor" class="com.hp.csa.security.CustomX509PrincipalExtractor"> <beans:property name="x509Attribute" value="${csa.cac.x509Attribute:subjectDN}"/> <beans:property name="regex" value="${csa.cac.regex:CN=(.*?),} "/> <beans:property name="sanType" value="${csa.cac.san.type:otherName}"/> </beans:bean>
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to clouddocs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: