Administer > Service Portal Administration Guide > Changing Service Portal Default User Accounts' Passwords

Changing Service Portal Default User Accounts' Passwords

Service Portal has built-in user accounts. The user accounts are used to authenticate REST API calls and for initial setup and experimentation with the product. For security reasons, HPE recommends that you change the default passwords associated with these accounts, however, do not change the user names. You can also disable the admin, orgadmin, and consumer user accounts and create your own users with identical roles.

Important: Do not create users in your LDAP directory that match the users provided by Service Portal The Service Portal users are: admin, orgadmin, consumer, idmTransportUser, ooInbounduser, and sxCatalogTransportUser. Creating an identical user in LDAP could allow an Service Portal user unintended access to the Service Portal Management Console or give the LDAP user unintended privileges.

Besides changing the passwords for the built-in Service Portal user accounts, HPE recommends that you also change the default password for the root user on the Service Portal host. For details about changing the root password, refer to the passwd(1) manpage.

In the following instructions, $PROPEL_HOME represents the /opt/hp/propel directory on the Service Portal host. You can set this as an environment variable with the following command on the Service Portal host:

# export PROPEL_HOME=/opt/hp/propel

Change Passwords for Service Portal Management Console User Accounts

The following Service Portal user account is used to access administrative applications in the Service Portal Management Console.

admin User: Service Portal Management Console
Username admin
Default Password propel
Usage This Administrator account is used to log in to the Service Portal Management Console to manage Service Portal settings across all of the organizations.
To Disable

You should disable this account only after you have set up and verified a user with the Service Portal Administrator role in the Service Portal Management Console.

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/ provider-users.properties file. Update the admin property to disable this user account. For example, set admin to the following value. (This value should be encrypted.):

propel,ROLE_REST,disabled

Note: This property not only contains the password, but also the roles that control access to Service Portal and if the account is enabled

By default, the unencrypted value of this property is:
propel,DIAGNOSTICS_ADMIN,SUPPLIER_VIEWER,CONTENT_ADMIN,LICENSE_ADMIN,
SUPER_IDM_ADMIN,ROLE_REST,enabled

See Encrypt a Password - Service Portal User Accounts for instructions on how to encrypt this value. The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

To Change Password

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/ provider-users.properties file. Update the password value of the admin property and encrypt the entire value, including the roles and the account status. (See Encrypt a Password - Service Portal User Accounts for instructions on how to encrypt this value.) The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

You must also update and use the same password for every REST API call that uses the password.

Note: This property not only contains the password, but also the roles that control access to Service Portal and if the account is enabled.

By default, the unencrypted value of this property is:
propel,DIAGNOSTICS_ADMIN,SUPPLIER_VIEWER,CONTENT_ADMIN,LICENSE_ADMIN,
SUPER_IDM_ADMIN,ROLE_REST,enabled

Change Passwords for Service Portal User Accounts

The following Service Portal user accounts are used to access applications in the Service Portal.

orgadmin User: Service Portal
Username orgadmin
Default Password propel
Usage This Organization Administrator account is used to access both the Service Portal and Service Portal administrative applications for an organization, such as Catalog Connect and Policies. (LDAP does not have to be configured.) This user belongs to the "Service Portal consumer internal group" and is a member of the Service Portal Consumer organization. (Both the group and the user are provided as samples.)
To Disable

You should disable this account only after you have set up and verified a user with the Service Portal Organization Administrator role in the Service Portal.

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the orgadmin property to disable this user account. For example, set orgadmin to the following value. (This value should be encrypted.):

propel,SERVICE_CONSUMER,ROLE_REST,disabled

Note: This property not only contains the password, but also the roles that control access to Service Portal and if the account is enabled

By default, the unencrypted value of this property is:
propel,IDM_ADMIN,CATALOG_ADMIN,AGGREGATION_ADMIN,CONSUMER,SUPPORT,
SUBSCRIPTION_ADMIN,SUPPLIER_ADMIN,ROLE_REST,enabled

See Encrypt a Password - Service Portal User Accounts for instructions on how to encrypt this value. The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

To Change Password

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the password value of the orgadmin property and encrypt the entire value, including the roles and the account status. (See Encrypt a Password - Service Portal User Accounts for instructions on how to encrypt this value.) The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

Note: This property not only contains the password, but also the roles that control access to Service Portal and if the account is enabled.

By default, the unencrypted value of this property is:
propel,IDM_ADMIN,CATALOG_ADMIN,AGGREGATION_ADMIN,CONSUMER,SUPPORT,
SUBSCRIPTION_ADMIN,SUPPLIER_ADMIN,ROLE_REST,enabled

 

consumer User: Service Portal
Username consumer
Default Password propel
Usage This consumer account is used to log in to the Service Portal. (LDAP does not have to be configured.) This user belongs to the “Service Portal consumer internal group” and is a member of the Service Portal Consumer organization. (Both the group and the user are provided as samples.
To Disable

You should disable this account only after you have set up and verified a user with the Service Portal Consumer role in the Service Portal.

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the consumer property to disable this user account. For example, set consumer to the following value. (This value should be encrypted.):

propel,CONSUMER,SUPPORT,ROLE_REST,disabled

Note: This property not only contains the password, but also the roles that control access to Service Portal and if the account is enabled

By default, the unencrypted value of this property is: propel,CONSUMER,SUPPORT,ROLE_REST,enabled

See Encrypt a Password - Service Portal User Accounts for instructions on how to encrypt this value. The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

To Change Password

Edit the $PROPEL_HOME/idm-service/idm-service.war/WEB-INF/classes/
consumer-users.properties
file. Update the password value of the consumer property and encrypt the entire value, including the roles and the account status. (See Encrypt a Password - Service Portal User Accounts for instructions on how to encrypt this value.) The encrypted value is preceded by ENC without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value, for example: ENC(54j5ngfki3i43A0=d).

Note: This property not only contains the password, but also the roles that control access to Service Portal and if the account is enabled.

By default, the unencrypted value of this property is: propel,CONSUMER,SUPPORT,ROLE_REST,enabled