Change the Service Manager Service Portal Master Password
Service Manager Service Portal uses a master password (or Key Encryption Key – KEK) to encrypt sensitive data, such as passwords for integration accounts and database connections. We recommend that you change the default master password for improved security.
The Service Manager Service Portal master password is implemented using Shamir’s Secret Sharing Scheme (SSSS) to split the master password into multiple cryptographically-secure KEK shares and store them in distributed file locations.
The master password for individual Service Manager Service Portal applications can be changed, and not all Service Manager Service Portal applications need to have the master password changed.
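The splitting scheme named above, as an added example that is not the product's `passwordUtil.js` code: Shamir's scheme over GF(2^8), applied byte by byte, showing that enough shares recover the secret and a single share does not. The 2-of-3 threshold, the function names and the share layout are assumptions; the page does not state the threshold or the share format the product uses.

```javascript
// Added example, not the product's passwordUtil.js: Shamir's Secret Sharing over GF(2^8).
const { randomBytes } = require('crypto');

// Log/antilog tables for GF(2^8), reduction polynomial 0x11b, generator 3.
const EXP = new Uint8Array(510);
const LOG = new Uint8Array(256);
for (let i = 0, x = 1; i < 255; i++) {
  EXP[i] = EXP[i + 255] = x;
  LOG[x] = i;
  x ^= (x << 1) ^ (x & 0x80 ? 0x11b : 0); // x = x * 3 in the field
}
const mul = (a, b) => (a && b ? EXP[LOG[a] + LOG[b]] : 0);
const div = (a, b) => (a ? EXP[LOG[a] + 255 - LOG[b]] : 0); // b must be non-zero

// Split `secret` (Buffer) into n shares; any k of them reconstruct it (assumed k-of-n).
function split(secret, n, k) {
  const shares = Array.from({ length: n }, (_, i) => ({ x: i + 1, y: Buffer.alloc(secret.length) }));
  for (let b = 0; b < secret.length; b++) {
    // Random polynomial of degree k-1 whose constant term is the secret byte.
    const coeffs = [secret[b], ...randomBytes(k - 1)];
    for (const s of shares) {
      let acc = 0;
      for (let j = k - 1; j >= 0; j--) acc = mul(acc, s.x) ^ coeffs[j]; // Horner
      s.y[b] = acc;
    }
  }
  return shares;
}

// Lagrange interpolation at x = 0 recovers the constant term of each polynomial.
function combine(shares) {
  const out = Buffer.alloc(shares[0].y.length);
  shares.forEach((si, i) => {
    let basis = 1;
    shares.forEach((sj, j) => {
      if (i !== j) basis = mul(basis, div(sj.x, sj.x ^ si.x));
    });
    for (let b = 0; b < out.length; b++) out[b] ^= mul(si.y[b], basis);
  });
  return out;
}

// Constructed sample secret; a real master password would come from a prompt.
const secret = Buffer.from('constructed-master-password');
const shares = split(secret, 3, 2);
console.log('any two shares:', combine([shares[0], shares[2]]).equals(secret));
console.log('one share alone:', combine([shares[1]]).equals(secret));
```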
The following must be done to change the Service Manager Service Portal master password:
- Split the Service Manager Service Portal Master Password
- Update All KEK Share Files for a Service Manager Service Portal Application
- Update all Encrypted Values for a Service Manager Service Portal Application
Split the Service Manager Service Portal Master Password
Perform the following procedure to split the new master password:
1. On the Service Manager Service Portal host, log in as `root` and navigate to the `/usr/bin` directory.
2. Run the `passwordUtil.js` command to split the new master password into three separate values:

   ```
   # ./node /opt/hp/propel/launchpad/bin/passwordUtil.js --split
   Please enter the password to split <hidden_password>
   Please enter the File prefix or blank to skip file creation
   Shares are (801d3c957e144c6a9d2725315,802b88f01df3c91dfb974a689,8036a46333e1457066b76f5fd)
   ```
3. Save the three encrypted values (KEK shares) from the output of step 2. They will be used to update the KEK share files in a Service Manager Service Portal application.
Update All KEK Share Files for a Service Manager Service Portal Application
After you split a new master password into three encrypted values, you insert the values into all of the KEK share files (KEK stores) under the parent directory of a Service Manager Service Portal application. The various Service Manager Service Portal applications have copies of these KEK stores with files named `kekshare1`, `kekshare2`, and `kekshare3`. The following application directories under the `/opt/hp/propel` parent directory contain the `kekshare*` files: `catalog-ui`, `subscription-ui`, `idmAdmin`, `msvc`, `sxUI`, `sxClient`, `launchpad`, `autopassUI`, `portal`, `mpp`, and `diagnostics-ui`.
1. If a `keyfile*` file exists, delete it. The location of the `keyfile*` file is specified in the `keyfile` attribute of an application’s configuration file. For example, inspect the `$PROPEL_HOME/launchpad/app.json` configuration file for the location of the Launchpad application’s keyfile.
2. Locate and update every KEK store file with the newly encrypted values (from splitting the master password). That is, using the first encrypted value from the master password split, update the `kekshare1` file. Update all `kekshare1`, `kekshare2`, and `kekshare3` files with the three corresponding encrypted values from the master password split. For example, locate and update all `kekshare*` files under the `/opt/hp/propel/launchpad` parent directory when splitting the master password for the Launchpad application.
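A check for the update step above, as an added example that is not part of the product: it walks an application directory, groups every `kekshare1` to `kekshare3` copy by SHA-256 digest so a copy left at the old value stands out, and lists leftover files whose names start with `keyfile`. The function names and the `storeA`/`storeB` sample layout are assumptions, and a keyfile stored outside the scanned directory (its location comes from the `keyfile` attribute) is not seen by this scan.

```javascript
// Added example (not product code): audit KEK store copies after a master password change.
const fs = require('fs');
const os = require('os');
const path = require('path');
const { createHash } = require('crypto');

// Recursively list regular files below dir (symbolic links are not followed).
function walk(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const p = path.join(dir, e.name);
    return e.isDirectory() ? walk(p) : e.isFile() ? [p] : [];
  });
}

// Group every kekshare1..3 copy by content digest; share values are never printed.
function auditKekStores(appDir) {
  const groups = {}; // e.g. kekshare1 -> { digest: [paths] }
  const keyfiles = [];
  for (const file of walk(appDir)) {
    const name = path.basename(file);
    if (name.startsWith('keyfile')) keyfiles.push(file);
    if (!/^kekshare[123]$/.test(name)) continue;
    const digest = createHash('sha256').update(fs.readFileSync(file)).digest('hex');
    groups[name] = groups[name] || {};
    (groups[name][digest] = groups[name][digest] || []).push(file);
  }
  // A share name with more than one distinct digest has at least one stale copy.
  const inconsistent = Object.keys(groups).filter((n) => Object.keys(groups[n]).length > 1).sort();
  const missing = ['kekshare1', 'kekshare2', 'kekshare3'].filter((n) => !groups[n]);
  return { inconsistent, missing, keyfiles, groups };
}

// Constructed sample tree: two KEK stores, one kekshare2 copy left at its old value.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'kek-audit-'));
  const put = (rel, data) => {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), data);
  };
  put('storeA/kekshare1', 'NEW-1'); put('storeB/kekshare1', 'NEW-1');
  put('storeA/kekshare2', 'NEW-2'); put('storeB/kekshare2', 'OLD-2');
  put('storeA/kekshare3', 'NEW-3'); put('storeB/kekshare3', 'NEW-3');
  put('storeA/keyfile.tmp', 'constructed leftover');
  return root;
}

// Scan the directory given on the command line, or the constructed sample tree.
const report = auditKekStores(process.argv[2] || buildSampleTree());
console.log({ inconsistent: report.inconsistent, missing: report.missing, keyfiles: report.keyfiles });
```

An empty `inconsistent` list only shows that the copies agree with each other, not that they hold the new shares, so compare one copy of each file against the saved split output as well.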
Update all Encrypted Values for a Service Manager Service Portal Application
After updating all KEK share files for a Service Manager Service Portal application, all of the application’s encrypted passwords must be regenerated using the `passwordUtil.js` utility. In the following example, all encrypted values for the Launchpad application are regenerated.
1. Encrypt a new value for a password with the following commands:

   ```
   # cd /usr/bin
   # ./node /opt/hp/propel/launchpad/bin/passwordUtil.js
   Please enter the password to encrypt
   Encrypted password is enc(4W6uYbNm6uWsaptPzjxPGQ==)
   ```
2. Using the encrypted value from step 1, edit the `$PROPEL_HOME/launchpad/app.json` file and update all encrypted values for the following attributes: `idmPassword`, `passphrase`, `sessionCookieSecret`, and `connectionPassword`.