No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Single-Node System Software Installation Guide (SUSE Linux) 09

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Connecting to the CAS SSO Server

(Optional) Connecting to the CAS SSO Server

This chapter describes how to connect eSight to the CAS SSO server when eSight functions as a CAS SSO client. This configuration is applicable to the CAS-based SSO server. Currently, eSight can only be interconnected with the U2000 and OperationCenter.

Background

This chapter does not apply to the scenario where the Driver component is installed. If the Driver component is installed, see "(Optional) Commissioning the Driver" in the eSight Product Documentation to connect to the SSO server.

Prerequisites

  • You have obtained the SSO server certificate (for example, trust.cer) and certificate password.
  • You have obtained the URLs for logging in to and logging out of the SSO server.
  • You have the permission to set system integration parameters.
  • You have added the IP address of the eSight server to the SSO server whitelist. For details, see related documents of the SSO server.

Procedure

  1. Log in to eSight.

    1. Open a web browser, type https://eSight server IP address:31943/ (for example, https://10.10.10.20:31943) in the address box, and press Enter.
      NOTE:
      • The IPv6 address format is supported for login, for example, https://[1001::10:10:10:20]:31943/.
      • In the two-node cluster scenario, the eSight server IP address is the floating IP address of eSight.
      • In the southbound and northbound isolation scenario, the IP address of the eSight server is the system IP address of eSight.
    2. Enter the user name and password.
    3. Click Login.

  2. Choose System > System Settings > System Interconnection from the main menu.
  3. Import the SSO server certificate.

    1. Choose SSO Client Settings > SSO Certificate Upload from the navigation tree on the left.
    2. Select the certificate to be imported to the SSO server and click to upload the certificate.
    3. Enter the certificate installation password and click OK.
      NOTE:

      The default password is Changeme_123.

      If the information "File uploaded successfully." is displayed, the certificate is uploaded successfully.

  4. Configure the SSO information.

    1. Choose SSO Login Settings from the navigation tree on the left.
    2. Select Enable configuration and set related parameters in Table 9-14.
      Table 9-14 Parameter description

      Parameter

      Description

      Example

      Corresponding Parameter in web.xml

      SSO Server Product

      eSight can only be interconnected with the U2000 and OperationCenter.

      To interconnect with U2000, you need to create a role with the same name as the U2000 SSO Server login user on eSight.

      U2000

      -

      SSO Server Login URL

      URL for external systems to access the SSO server.

      https://10.10.10.10:31128/unisso/login

      CASFilter/casServerLoginUrl

      SSO Server Logout URL

      URL for logging out of the SSO server.

      https://10.10.10.10:31128/unisso/logout

      eSightlogout/logoutUrl

      SSO Server URL

      Internal communication URL of the SSO server.

      https://10.10.10.10:31128/unisso

      CAS Validation Filter/casServerUrlPrefix

      Local System URL

      URL for logging in to eSight.

      https://10.10.10.20:31942

      CASFilter/serverName

      and CAS Validation Filter/serverName

      Touch URL

      URL for renewing the ticket.

      This parameter is optional.

      https://10.10.10.10:31128/unisso/touch

      eSightlogout/touchUrl

    3. Click Apply.
      NOTE:

      After application, the Change Password and ChangeContact functions on the Setting page under System > System Management > User Management are unavailable.

    4. Restart eSight. For details, see Common Operations > Common eSight Operations in the Maintenance guide.

  5. Check whether the configuration is successful.

    Log in to eSight.
    • If the login page of the SSO server is displayed and you can log in to eSight using the user name and password of the SSO server, the setting is successful.
    • If the login page of the SSO server is not displayed, the setting fails. verify the interconnection settings.

Related Tasks

  • Follow instructions in Table 9-15 to roll back the configuration for the eSight server to function as the SSO client.
    Table 9-15 Rollback operations

    Scenario

    Rollback Operation

    SSO setting success

    1. Log in to eSight as the SSO server user.
    2. Choose System > System Settings > System Interconnection from the main menu.
    3. Choose SSO Client Settings > SSO Login Settings from the navigation tree on the left.
    4. Deselect Enable configuration.
    5. Click Apply.
    6. Restart eSight. For details, see Common Operations > Common eSight Operations in the Maintenance guide.

    SSO setting failure

    1. Log in to the eSight server.
      NOTE:

      In a two-node cluster, you need to perform the rollback on both the active and standby nodes.

    2. Delete the SSO server information and eSight server information from the eSight server.
      • Windows operating system: Go to the eSight installation directory\AppBase\app\sso.app\repository\ui\sso\WEB-INF\template directory, copy web.xml.backup to the upper-layer WEB-INF directory, delete the original web.xml file, and change the name of web.xml.backup to web.xml.
      • Linux operating system:

        Log in to the eSight server as the ossuser user and run the following commands.

        > cd eSight installation directory/AppBase/app/sso.app/repository/ui/sso/WEB-INF

        > mv template/web.xml.backup web.xml

    3. Restart eSight. For details, see Common Operations > Common eSight Operations in the Maintenance guide.
  • For details about SSO client configuration, see chapter "Operation and Maintenance > Maintenance Guide > Maintenance Reference> Configuration Files > Infrastructure Management Configuration Files > Basic Management > ssoclient.xml" in the eSight Product Documentation.
Download
Updated: 2019-05-17

Document ID: EDOC1100011860

Views: 92290

Downloads: 138

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next