Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
Requirements for CAC sign-on
This configuration is intended for customers who have an HPE Service Manager server running in a secured environment and want users to be able to log on to the server using a Common Access Card (CAC), without the need to enter a user name and password.
Parameters required in sm.ini
Service Manager 9.32 or later supports CAC sign-on with two-way SSL enabled and the ssl_reqClientAuth
parameter set to either "1" or "2".
The following table lists the server parameters required for CAC sign-on.
ssl_reqClientAuth:1 | ssl_reqClientAuth:2
|
---|---|
cacsignon:1 ssl:1 sslConnector:1 ssl_reqClientAuth:1
Note When using |
cacsignon:1 ssl:1 sslConnector:1
|
Note Once cacsignon
is enabled (set to 1), three parameters are automatically (and implicitly) set to 1. See the following table.
Parameter | Value | Notes |
---|---|---|
ssl | 1 | Any other values explicitly specified in sm.ini are ignored. |
sslConnector | 1 | |
ssl_reqClientAuth | 1 | Any other values explicitly specified in sm.ini are ignored except for ssl_reqClientAuth:2 . |
Parameters required in web.xml
The following parameters are required in the web tier configuration file (web.xml
):
-
isCustomAuthenticationUsed=false
Set the value to false to make Service Manager send the current user name in the HTTP header.
-
CACLogin=true
Set the value to true to enable the CAC logon mode in the web tier.
Other requirements
- Configure your web application server to enable CAC authentication. You do so by updating the web tier's
application-context.xml
file. For details, see Example: enabling CAC sign-on. -
When CAC logon is enabled in the server, you can set
ssl_reqClientAuth:1
orssl_reqClientAuth:2
in thesm.ini
file. You must then create unique client SSL certificates for each Service Manager client wanting to access Service Manager with CAC. For example, if you have 20 Service Manager Windows clients, you must create 20 unique client SSL certificates. If you have 4 Service Manager Web Tier servers, you must create 4 unique client SSL certificates for them. In addition, you need to configure SSL in the web tier configuration file (web.xml
) and also in the Windows client Preferences setting. For details, see Example: Enabling required SSL encryption and trusted clients.Tip If maintaining these unique client SSL certificates incurs unsustainable IT operation costs, you can consider the use of the
acceptsharedcert:1
parameter, which enables all clients to use a "shared certificate". For more information, see Parameter: acceptsharedcert - CAC sign-on requires two-way SSL connections between the web server (or web application server if no web server) and the user's browser. You need to set up two-way SSL on the web server, or on the web application server (if you have no web server deployed).
- Each CAC user must have an operator record created in Service Manager.
Related concepts
Example: Generating a client certificate with OpenSSL
Example: Generating a server certificate with OpenSSL
Related tasks
Add a client certificate to the web tier
Add a client certificate to the Windows client
Update the cacerts keystore file
Related references
Requirements for required SSL encryption and trusted clients
Parameter: acceptsharedcert
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to ovdoc-ITSM@hp.com.
Help Topic ID:
Product:
Topic Title:
Feedback: