Configure LW-SSO in Operations Orchestration (OO)

Applies to User Roles:

System Administrator

If Lightweight Single Sign-On (LW-SSO) is enabled in both Service Management and Operations Orchestration, users who have logged on to Service Management are allowed to sign on to Operations Orchestration through the web tier without providing a user name and password.

Note

  • In the following procedure, <OO_HOME> represents the Operations Orchestration home directory.
  • LW-SSO requires that the accounts used to log on to Operations Orchestration and Service Management have the same account name (but can have different passwords).

To configure LW-SSO in Operations Orchestration 9.x and earlier versions:

  1. Stop the RSCentral service.
  2. In <OO_HOME>\Central\WEB-INF\applicationContext.xml, enable the import between LWSSO_SECTION_BEGIN and LWSSO_SECTION_END as shown below.
    <!--  LWSSO_SECTION_BEGIN--> 
             <import resource="CentralLWSSOBeans.xml"/> 
    <!--  LWSSO_SECTION_END --> 
    
  3. In <OO_HOME>\Central\WEB-INF\web.xml, enable all the filters and mappings between LWSSO_SECTION_BEGIN and LWSSO_SECTION_END as shown below.
    <!-- LWSSO_SECTION_BEGIN  -->
    
     <filter>
        <filter-name>LWSSO</filter-name>
        <filter-class>com.iconclude.dharma.commons.util.http.DharmaFilterToBeanProxy
        </filter-class>
        <init-param>
           <param-name>targetBean</param-name>
           <param-value>dharma.LWSSOFilter</param-value>
        </init-param>
        ......   
    </filter>
    <!-- LWSSO_SECTION_END -->
    
    <!-- LWSSO_SECTION_BEGIN-->
        <filter-mapping>
            <filter-name>LWSSO</filter-name><url-pattern>/*</url-pattern>
        </filter-mapping>
    <!--LWSSO_SECTION_END -->
    
    <!-- LWSSO_SECTION_BEGIN-->
      <filter-mapping>
         <filter-name>LWSSO2Acegi</filter-name><url-pattern>/*</url-pattern>
         </filter-mapping>
         <filter-mapping>
           <filter-name>dharmaLWSSOGroupsFilter</filter-name><url-pattern>/*</url-pattern>
      </filter-mapping>
    <!--LWSSO_SECTION_END -->
    
    
  4. In <OO_HOME>\Central\conf\lwssofmconf.xml, edit the two parameters:

    • domain: Domain name of the Service Management Web tier server.
    • initString: Must be same as the initString value in the Service Management LW-SSO configuration (minimum length: 12 characters). For example, smintegrationlwsso.

    For example:

    
    <webui>
     <validation>		
       <in-ui-lwsso>				
         <lwssoValidation id="ID000001">
    	<domain>asia.hpqc.net</domain>
    	 <crypto cipherType="symmetricBlockCipher"
    	   engineName="AES" paddingModeName="CBC" keySize="256"  
               encodingMode="Base64Url" 			
    	    initString=" smintlwsso "></crypto>
    	 </lwssoValidation>
    	</in-ui-lwsso>
     </validation>
     <creation>
    	 <lwssoCreationRef id="ID000002">
    		<lwssoValidationRef refid="ID000001"/>
    		<expirationPeriod>600000</expirationPeriod>
    	 </lwssoCreationRef>
     </creation>
    </webui>
    
  5. Restart the RSCentral service so that the configuration takes effect.

To configure LW-SSO in Operations Orchestration 10:

Refer to HPE Operations Orchestration Central User Guide > Setting Up Security – LWSSO available from HPE Software Support Online.