Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Administration Methods
- Unified Resource Manager (URM) JMX Methods
- How to Manage UCMDB Licenses Using the JMX Console
- How to Enable Remote Access to the JMX Console
- How to Download a Zip File of Log Files and Thread Dumps
- How to Retrieve UCMDB Server Logs for a Specific Time Frame
- How to Access Support Using the JMX Console
- How to Set Master Keys
- How to Use the User Activity Log
- How to Configure UCMDB Log Levels
- How to Check the Database Connection
- How to View the KPI Dashboard
- How to Enable Validation of Host Header of a Request
- How to Show/Hide the "Cannot invoke trigger" Error Message on UI
- How to View and Track Hotfixes Applied on UCMDB Server
- How to Enable Asynchronous CI History
- How to Enable CI Properties Validation On SDK APIs
- How to Encrypt/Decrypt IP Ranges Information on the Probes
- How to Prevent Custom CI Attributes Values from Being Updated by Default Values During Reconciliation
- How to Configure Maximum Number of Condition Phrases for a Single Node
- How to Enable and Define LDAP Authentication Method
- How to Change the Priority of a User Repository
- How to Restrict User Access to a Limited Subset of the UCMDB Server JMX Methods
- How to Enable Login to Universal CMDB with SAML Authentication
- High Availability Mode JMX Methods
- UCMDB Browser module JMX Methods
- Package Manager JMX Methods
- History DB Services JMX Methods
How to Enable Login to Universal CMDB with SAML Authentication
To enable SAML Authentication on UCMDB Server, do the following:
-
Import the IdP certificate to UCMDB Server truststore.
-
Copy the IdP certificate to the following directory on UCMDB:
<UCMDB_Server>\conf\security
For example, C:\UCMDB\UCMDBServer\conf\security.
-
Run the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -import -v -keystore C:\UCMDB\UCMDBServer\conf\security\server.truststore -file <certificate> -alias <certificate alias>
-
Enter the UCMDB Server Truststore password.
-
When asked Trust this certificate?, press y and then Enter.
-
Make sure the output Certificate was added to the truststore.
-
-
Set SAML authentication as described in the table below via the JMX Console in the UCMDB:service=SAML Authentication Configuration Services category.
Make sure you set all mandatory fields required for a valid SAML authentication.
JMX Method (* mandatory if SMAL enabled) Description * setSamlAuthentication Enables or disables SAML authentication. Setting Is enabled to True enables SAML authentication. Null for true if not specified. * setIDPEndpointForSAMLAuthen-
ticationSets the IDP Endpoint used in SAML Authentication, mandatory field if SAML Authentication is enabled. To this endpoint the SAML Authentication Request will be sent.
Example: https://something.domain.local/adfs/ls
setIdpCertificateAlias Sets the IdP certificate alias that will be searched in server truststore. This certificate will be used to validate the response received from IdP. If no certificate alias was configured, by default the certificate with samlCertif alias will be searched.
If another alias is set instead of the default one (samlCertif), then this alias must be set using this JMX method.
* setSAMLClaimTypeContaining-
UserNameSets the SAML UserName claimType containing user's login name, mandatory field if SAML Authentication is enabled.
Example: http://schemas.xmlsoap.org/claims/CommonName
setSAMLClaimTypeContaining-
UserCustomerSets the SAML Customer claimType containing customer selected username for login, optional field if SAML Authentication is enabled (if not set, the default customer will be used).
setSAMLAuthSyncGroups Setting Sync groups to True enables IdP authenticated users to be automatically added to the UCMDB Groups that exist in both UCMDB and the user's groups list received in the SAML Group Claim response.
The User's groups claimType parameter in this JMX method also allows you to configure the claimType that contains users' groups in SAML response.
At least a default group should be configured to make sure the users will be able to access the UCMDB UI.
* setSamlUserDefaultGroup Sets the UCMDB Default Group, in which the user should be automatically added in case the Sync groups option is set to False or no user group has been received from IdP.
Important The users authenticated through SAML will be automatically added to the default group configured in JMX. If the UCMDB Default Group does not exist in UCMDB or is not configured, then the users will not be able to log in to UCMDB UI.
* setAuthRequestIssuer The SAML Request Issuer (service provider – UCMDB Server as it is configured in ADFS) * setSamlResponseIssuer The issuer from which the SAML response is expected.
Example: http://something.domain.local/adfs/services/trust
retrieveSAMLAuthenticationConfi-
gurationsLists the current SAML authentication configurations. The values listed by this method are not taken from the settings (these are the settings already configured when the UCMDB Server has been last restarted). retrieveSAMLAuthenticationConfig-
urationsFromSettingsLists the current SAML authentication configurations. The values listed by this method are taken from the settings (these are the settings configured after the UCMDB Server has been last restarted). These settings are the ones that should be used (since they are the latest ones configured), and if these are different from the retrieveSAMLAuthenticationConfigurations listing, then the UCMDB Server should be restarted (the values are reloaded only on reboot). -
Restart UCMDB Server.
Important (Multi-customer environment only) Since the Default Group is currently a global setting, in a multi-customer environment, the Default Group must be updated on each customer with the desired roles (the roles assignment are customer-dependent). Once this is done and the Customer claimType is set in JMX console, the IdP authenticated user will be able to log in to UI on the customer received in the SAML Response.
For more information about SAML authentication, see Enable SAML Authentication on UCMDB Server.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to cms-doc@microfocus.com.
Help Topic ID:
Product:
Topic Title:
Feedback: