Authentication Model

ITBA supports the following authentication methods:

  • Username and password authentication

    In an out-of-the-box default installation, ITBA requires users to enter username and password credentials to gain access to the application.

  • LDAP authentication

    You can integrate ITBA with an LDAP directory service to share contact information across your network.

  • Lightweight Single Sign-On (LW-SSO)

    LW-SSO is an optional but highly recommended model for some integrations, such as Release Control. Enabling LW-SSO for integrations bypasses the login prompts when connecting two HPE products.

  • Common Access Card (CAC) Sign-On

    CAC sign-on enables users to log in to the web client directly with a smart card that stores a valid user certificate. Users enter only a card PIN instead of a user name and password.

Best Practices

The following guidance increases the security of HP product integrations that use the LW-SSO features of IT Business Analytics described above. It covers network configuration details for implementing subdomains and cookie security settings specific to LW-SSO.

  1. Ensure that the Business Analytics server components and the integrated HP product server components (PPM, SM, etc.) are deployed within appropriate subdomains. For example, if the ITBA server is currently named ba-web.mycompany.com, implement a subdomain with a name of your choosing under the mycompany domain and deploy ITBA within the new subdomain. In this example, the new subdomain is named after the region where the server resides: americas. Thus the resulting fully qualified domain name of the server would be: ba-web.americas.mycompany.com.

    Repeat this process for each integrated HP product in your deployment; e.g.

    releasecontrol.americas.mycompany.com

    sm.americas.mycompany.com

    Once the above is completed, you will need to change the LW-SSO configuration files for ITBA and the integrated products to point to the new subdomain. Modify the <domain> element’s value in the lwssofmconf.xml file from:

    <domain>mycompany.com</domain>

    To:

    <domain>americas.mycompany.com</domain>

    lwssofmconf.xml is located in the ITBA deployed WAR file in the WEB-INF/classes subdirectory. For more information, see LW-SSO.

    Note: You must also change the LW-SSO configuration files of the integrated products for the LW-SSO features to function properly. For information on changing the LW-SSO configuration for the integrated HP products, refer to that product’s installation and configuration documentation.

  2. As stated throughout this guide, it is recommended that communications between integrated products, clients (browsers), and Business Analytics are secured using HTTPS. When this is completed, take the following additional steps to increase the security of the LW-SSO cookie.

    • Ensure that the parameter secureHTTPCookie in the lwssofmconf.xml is set to true.
    • Ensure that the parameter useHTTPOnly in the lwssofmconf.xml is set to true.

      These parameters ensure that the LW-SSO cookie is sent only over HTTPS connections and is not accessible to client-side scripts.

  3. To further protect the LW-SSO session cookie, it is recommended to change the value of the parameter expirationPeriod in the lwssofmconf.xml file from:

    <expirationPeriod>50</expirationPeriod>

    To:

    <expirationPeriod>8</expirationPeriod>

    This file is located in the Business Analytics deployed WAR file in the WEB-INF/classes subdirectory. The expirationPeriod parameter controls how often the LW-SSO cookie is refreshed.
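
The three steps above can be checked in one pass over lwssofmconf.xml. The following is an added example, not code from ITBA or HPE: the function names, the root element and the nesting in the sample documents are assumptions, so the checker matches domain, secureHTTPCookie, useHTTPOnly and expirationPeriod wherever they appear, as an element or as an attribute.

```python
import xml.etree.ElementTree as ET

def _local(name):
    """Strip any '{namespace}' prefix from a tag or attribute name."""
    return name.rsplit("}", 1)[-1]

def _values(root, name):
    """Values of `name` found anywhere, as element text or as an attribute."""
    found = []
    for el in root.iter():
        if _local(el.tag) == name and (el.text or "").strip():
            found.append(el.text.strip())
        found += [v.strip() for k, v in el.attrib.items() if _local(k) == name]
    return found

def audit_lwsso(xml_text, parent_domain, max_expiration=8):
    """Return a list of findings; an empty list means the guidance is met."""
    root = ET.fromstring(xml_text)
    findings = []
    domains = _values(root, "domain")
    if not domains:
        findings.append("domain: not set")
    for d in domains:
        # Step 1: the cookie domain must be a subdomain, not the parent itself.
        if not d.lower().lstrip(".").endswith("." + parent_domain.lower()):
            findings.append(f"domain: {d} is not a subdomain of {parent_domain}")
    for flag in ("secureHTTPCookie", "useHTTPOnly"):  # step 2
        vals = _values(root, flag)
        if not vals or any(v.lower() != "true" for v in vals):
            findings.append(f"{flag}: expected true, found {vals or 'no setting'}")
    periods = _values(root, "expirationPeriod")  # step 3
    if not periods:
        findings.append("expirationPeriod: not set")
    for p in periods:
        if not p.isdigit() or int(p) > max_expiration:
            findings.append(f"expirationPeriod: {p!r} is not an integer <= {max_expiration}")
    return findings

# Constructed samples; the element nesting is an assumption, not the shipped file.
WEAK = """<lwsso-config><domain>mycompany.com</domain>
<creation useHTTPOnly="false"><expirationPeriod>50</expirationPeriod></creation>
</lwsso-config>"""
HARDENED = """<lwsso-config><domain>americas.mycompany.com</domain>
<creation useHTTPOnly="true" secureHTTPCookie="true">
<expirationPeriod>8</expirationPeriod></creation></lwsso-config>"""

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_lwsso(doc, "mycompany.com") or "OK")
```

Run the same check against the lwssofmconf.xml of each integrated product, since all of them must agree on the subdomain for LW-SSO to function.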