Change the Service Portal Master Password
Service Portal uses a master password (or Key Encryption Key – KEK) to encrypt sensitive data, such as passwords for integration accounts and database connections. HPE recommends that you change the default master password for improved security.
The Service Portal master password is implemented using Shamir’s Secret Sharing Scheme (SSSS) to split the master password into multiple cryptographically-secure KEK shares and store them in distributed file locations.
The master password can be changed for individual Service Portal applications; not all Service Portal applications need to have the master password changed.
To change the Service Portal master password, complete the following tasks:
- Split the Service Portal Master Password
- Update All KEK Share Files for a Service Portal Application
- Update all Encrypted Values for a Service Portal Application
Split the Service Portal Master Password
Perform the following procedure to split the new master password:
1. On the Service Portal host, log in as root and navigate to the /usr/bin directory.
2. Run the passwordUtil.js command to split the new master password into three separate values:

    # ./node /opt/hp/propel/launchpad/bin/passwordUtil.js --split
    Please enter the password to split <hidden_password>
    Please enter the File prefix or blank to skip file creation
    Shares are (801d3c957e144c6a9d2725315,802b88f01df3c91dfb974a689,8036a46333e1457066b76f5fd)

3. Save the three encrypted values (KEK shares) from the output of step 2. They will be used to update the KEK share files in a Service Portal application.
Update All KEK Share Files for a Service Portal Application
After you split a new master password into three encrypted values, you insert the values into all of the KEK share files (KEK stores) under the parent directory of a Service Portal application. The various Service Portal applications have copies of these KEK stores with files named: kekshare1, kekshare2, and kekshare3. The following application directories under the /opt/hp/propel parent directory contain the kekshare* files: catalog-ui, subscription-ui, idmAdmin, msvc, sxUI, sxClient, launchpad, autopassUI, portal, mpp, and diagnostics-ui.
1. If a keyfile* file exists, delete it. The location of the keyfile* file is specified in the keyfile attribute of an application’s configuration file. For example, inspect the $PROPEL_HOME/launchpad/app.json configuration file for the location of the Launchpad application’s keyfile.
2. Locate and update every KEK store file with the newly encrypted values (from splitting the master password). That is, using the first encrypted value from the master password split, update the kekshare1 file. Update all kekshare1, kekshare2, and kekshare3 files with the three corresponding encrypted values from the master password split. For example, locate and update all kekshare* files under the /opt/hp/propel/launchpad parent directory when splitting the master password for the Launchpad application.
Update all Encrypted Values for a Service Portal Application
After updating all KEK share files for a Service Portal application, all of the application’s encrypted passwords must be regenerated using the passwordUtil.js utility. In the following example, all encrypted values for the Launchpad application are regenerated.
1. Encrypt a new value for a password with the following commands:

    # cd /usr/bin
    # ./node /opt/hp/propel/launchpad/bin/passwordUtil.js
    Please enter the password to encrypt
    Encrypted password is enc(4W6uYbNm6uWsaptPzjxPGQ==)

2. Using the encrypted value from step 1, edit the $PROPEL_HOME/launchpad/app.json file and update all encrypted values for the following attributes: idmPassword, passphrase, sessionCookieSecret, and connectionPassword.