Install > Install Service Manager Collaboration > Deploy Service Manager Collaboration with HTTPS > Task 2: Enable LW-SSO on the Service Manager web tier

Task 2: Enable LW-SSO on the Service Manager web tier

In this task, you will enable LW-SSO in the Service Manager web tier so that Service Manager users can use Collaboration without logging on to the Service Manager server separately.

Note If SAML Single Sign-On (SSO) is enabled for Service Manager, you should configure LW-SSO for Service Manager Collaboration as follows:

  • Enable LW-SSO in the Service Manager Server
  • Disable LW-SSO in the Service Manager web tier
  • Enable LW-SSO in the Openfire chat server
  • Enable LW-SSO in the Micro Focus Identity Manager (IdM) service

Note As an example, this task uses Tomcat 8.0 as the web application server and Tomcat 8.0_SMWeb as the name of the Tomcat installation root directory.

Follow these steps:

  1. Stop the Tomcat web application server.

  2. Navigate to the C:\Program Files\Apache Software Foundation\Tomcat 8.0_SMWeb\webapps\webtier-9.61\WEB-INF directory.

  3. Make a copy of the web tier configuration file (web.xml) and save it as web_OOB.xml.

  4. Open the web.xml file with a text editor.

  5. Set the serverHost parameter to the Service Manager server’s FQDN. In the all-in-one example steps described in this document, set this parameter to training.sm-demo.com.

    <init-param>
    <!-- Specify the Service Manager server host and port location -->
    	<param-name>serverHost</param-name>
    	<param-value>training.sm-demo.com</param-value>
    </init-param>
  6. Set the secureLogin parameter to false.

    <context-param>
    	<param-name>secureLogin</param-name>
    	<param-value>false</param-value>
    </context-param>
  7. Set the isCustomAuthenticationUsed parameter to false.

    <context-param>
    	<param-name>isCustomAuthenticationUsed</param-name>
    	<param-value>false</param-value>
    </context-param>
  8. Search for "LWSSO filter".

    <!-- LWSSO filter for integrations using HP lightweight single sign-on
    PLEASE NOTE: Uncomment this filter and the associated filter-mapping,
    and see application-context.xml for additional configuration needed
    for LWSSO. -->
    <!--
    	<filter>
    	<filter-name>LWSSO</filter-name>
    	<filter-class>com.hp.sw.bto.ast.security.lwsso.LWSSOFilter</filter-class>
    	</filter>
    -->
  9. Uncomment the LWSSO filter section by removing the comment tags.

    <filter>
    	<filter-name>LWSSO</filter-name>
    	<filter-class>com.hp.sw.bto.ast.security.lwsso.LWSSOFilter</filter-class>
    </filter>
  10. Search for "LWSSO filter-mapping".

    <!-- LWSSO filter-mapping, please read description for LWSSO filter above
    before uncommenting this. -->
    <!--
    	<filter-mapping>
    	<filter-name>LWSSO</filter-name>
    	<url-pattern>/*</url-pattern>
    	</filter-mapping>
    -->
  11. Uncomment the LWSSO filter mapping section by removing the comment tags.

    <filter-mapping>
    	<filter-name>LWSSO</filter-name>
    	<url-pattern>/*</url-pattern>
    	</filter-mapping>
  12. Save and close the web.xml file.
  13. Navigate to the C:\Program Files\Apache Software Foundation\Tomcat 8.0_SMWeb\webapps\webtier-9.61\WEB-INF\classes directory.

  14. Make a copy of the lwssofmconf.xml file, and save it as lwssofmconf_OOB.xml.

  15. Open the lwssofmconf.xml file with a text editor.

  16. Set the enableLWSSOFramework parameter to true.

    <enableLWSSO
    	enableLWSSOFramework="true"
    	enableCookieCreation="true"
    	cookieCreationType="LWSSO"/>
  17. Set the domain parameter to sm-demo.com.

    <lwssoValidation id="ID000001">
    	<domain>sm-demo.com</domain>
    	<crypto cipherType="symmetricBlockCipher"
    	engineName="AES" paddingModeName="CBC" keySize="256"
    	encodingMode="Base64Url"
    	initString="This is a shared secret passphrase"/>
  18. Set the initString parameter to LWSSO_INIT_STRING.

    <lwssoValidation id="ID000001">
    	<domain>sm-demo.com</domain>
    	<crypto cipherType="symmetricBlockCipher"
    	engineName="AES" paddingModeName="CBC" keySize="256"
    	encodingMode="Base64Url"
    	initString="LWSSO_INIT_STRING"/>
  19. Set secureHTTPCookie to false.

    <creation>
    	<lwssoCreationRef useHTTPOnly="true" secureHTTPCookie="false">
    	<lwssoValidationRef refid="ID000001"/>
    	<expirationPeriod>50</expirationPeriod>
    	</lwssoCreationRef>
    	</creation>
  20. In the multiDomain section, set the first DNS Domain to sm-demo.com and the first FQDN to training.sm-demo.com.

    <multiDomain>
    	<trustedHosts>
    	<DNSDomain>sm-demo.com</DNSDomain>
    	<DNSDomain>example1.com</DNSDomain>
    	<NetBiosName>myserver</NetBiosName>
    	<NetBiosName>myserver1</NetBiosName>
    	<IP>xxx.xxx.xxx.xxx</IP>
    	<IP>xxx.xxx.xxx.xxx</IP>
    	<FQDN>training.sm-demo.com</FQDN>
    	<FQDN>myserver1.example1.com</FQDN>
    	</trustedHosts>
    </multiDomain>
  21. Save and close the lwssofmconf.xml file.
  22. Navigate to the C:\Program Files\Apache Software Foundation\Tomcat 8.0_SMWeb\webapps\webtier-9.61\WEB-INF\classes directory, make a copy of the application-context.xml file and save it as application-context_OOB.xml.
  23. Open the application-context.xml file with a text editor.

  24. Locate the following line:

    <sec:filter-chain pattern="/**" filters="securityContextPersistenceFilter,anonymousAuthFilter"/>
  25. Add lwSsoFilter to this line as follows:

    <sec:filter-chain pattern="/**" filters="securityContextPersistenceFilter,lwSsoFilter,anonymousAuthFilter"/>

    Caution Use the correct case for lwSsoFilter.

  26. Search for bean id="lwSsoFilter" to locate the lwSsoFilter bean.

    <!--
    	<bean id="lwSsoFilter" class="com.hp.ov.sm.client.webtier.lwsso.LwSsoPreAuthenticationFilter">
    	<property name="authenticationManager">
    	<ref bean="authenticationManager"/>
    	</property>
    	<property name="defaultRole">
    	<value>ROLE_PRE</value>
    	</property>
    	</bean>
    -->
  27. Uncomment the lwSsoFilter bean by removing the comment tags shown in the previous step.

  28. Save and close the application-context.xml file.
  29. Go to Windows Services, and start the Apache Tomcat 8.0 SMWeb service.