Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Install and configure the standalone IdM service
- Task 1: Deploy IdM on a web application server
- Task 2: Configure SSL in the IdM web application server
- Task 3: Create an IdM client trust store
- Task 4: Configure SAML SSO
- Task 5: Configure a tenant and specify the ADFS metadata URL
- Task 6: Configure the IdM service for LW-SSO compatibility
- Task 7: Specify an IdM token signing key
- Task 8: Specify an IdM user account for Service Manager
- Task 9: Replace JRE policy files for the IdM server
- Task 10: Configure the SAML keystore in IdM
- Task 11: Import the IdP public key into the IdM SAML keystore
- Task 12: Encrypt IdM passwords and keys
- Task 13: Create an empty database for IdM
- Task 14: Configure database connection in the IdM service
- Task 15: Download the IdM metadata
- Task 16: Create a trust relationship with ADFS
- Task 17: Adjust the max authentication age setting in the IdM service
- Configure SAML authentication by using the IdM admin console
Task 4: Configure SAML SSO
To do this, follow these steps:
Step 1. Configure SP-Initiated SSO: Redirect/POST Binding
Follow these steps to update the IdM service configuration base for SP-initiated web SSO:
-
In the <idm-service>/WEB-INF/web.xml file, make sure that the following line is uncommented:
/WEB-INF/spring/applicationContext-saml.xml
Note The applicationContext-saml.xml file includes Spring beans for SAML.
-
Configure HP SSO.
- Open the <idm-service>/WEB-INF/web.xml file with a text editor.
- Search for "START HP SSO Configuration". This section is commented out by default.
-
Specify the location of the HP SSO configuration file as "/WEB-INF/hpssoConfig.xml".
<!-- START HP SSO Configuration --> <listener> <listener-class>com.hp.ccue.identity.hpssoImpl.HpSsoContextListener</listener-class> </listener> <context-param> <param-name>com.hp.sw.bto.ast.security.lwsso.conf.fileLocation</param-name> <param-value>/WEB-INF/hpssoConfig.xml</param-value> </context-param> <!-- END HP SSO Configuration --> -
In the <idm-service>\WEB-INF\spring\applicationContext-v0.xml file, make sure that the tokenWriter property setting in the HP SSO Configuration section is not commented out, as shown below.
<!--Authentication API --> <bean id="authenticationApiController" class="com.hp.ccue.identity.web.api.AuthenticationController"> <property name="tokenService" ref="tokenService"/> <property name="identityService" ref="identityService"/> <property name="sessionStateService" ref="sessionStateService"/> <!-- START HP SSO Configuration --> <property name="tokenWriter" ref="hpssoTokenWriter" /> <!-- END HP SSO Configuration --> </bean> -
Edit the <idm-service>\WEB-INF\hpssoConfig.xml file as described below.
-
Specify the domain name of the IdM server (for example, the Tomcat server). The domain name must match the DNS domain name of the system on which the IDM service is deployed, because the HP SSO cookies are domain-specific.
Note All components that participate in SAML except the SM Server (the IdM service, SM web tier, SRC, and Mobility Client) must be in the same domain, because HP SSO cookies are domain-specific.
- Change secureHTTPCookie (default: false) to true if SSL is enabled between the user's browser and the web application server of the SM web tier, SRC, or Mobility Client.
See the following for an example.
<creation tokenGlobalTimeout="480" tokenIdleTimeout="30" secureHTTPCookie="true"> <!-- lwsso is required --> <lwsso> <!-- domain is required HPSSO 1.0 version supports a single domain only. All servers using HPSSO should have the same domain and it should be denoted in this tag --> <creationDomains> <!-- for development environments only! --> <domain>mycompany.net</domain> </creationDomains> </lwsso> </creation> -
Step 2. Disable ECP
ADFS does not support ECP; however, the IdM metadata includes the AssertionConsumerService for ECP. Therefore, this step is required.
To disable ECP, follow these steps:
- Open the <idm-service>WEB-INF\spring\applicationContext-saml.xml file with a text editor.
-
Search for the following line, and comment it out.
<property name="ecpEnabled" value="true"/>
