
eSight V300R010C00 Operation Guide 08


Configuring the SSO Authentication (Veritas HA System)

This chapter describes how to interconnect eSight with the SSO server when eSight functions as an SSO client. The configuration applies to U2000, U2020, OperationCenter 3.x, and OperationCenter 6.x.

Prerequisites

  • You have obtained the SSO server certificate (for example, trust.cer) and certificate password. eSight has integrated the default SSO certificates of U2000, U2020, and OperationCenter 6.5 and its later versions. If there is no change to the certificates, you do not need to obtain and import them again. For OperationCenter 3.x and versions earlier than OperationCenter 6.5, you need to manually import SSO certificates on the page.
  • You have obtained the URLs for logging in to and logging out of the SSO server.
  • You have the permission to set system integration parameters.
  • You have added the floating IP address of eSight system to the SSO server whitelist if eSight is deployed in local two-node cluster mode. You have added the system IP address of the active eSight server to the SSO server whitelist if eSight is deployed in remote two-node cluster mode. For details, see related documents of the SSO server.

Procedure

  1. Log in to eSight.

    1. Enter https://eSight IP address:31943/ (for example, https://10.10.10.20:31943/) in the address box of the browser and press Enter.

      Set eSight IP address to the floating IP address if eSight is deployed in local two-node cluster mode. Set eSight IP address to the system IP address of the active eSight server if eSight is deployed in remote two-node cluster mode.

      NOTE:

      The login IP address can be in IPv6 format, for example, https://[1001::10:10:10:20]:31943/.

    2. Enter the user name and password.
    3. Click Login.

  2. (Optional) If eSight has no user or role with the same name as the SSO server login user or that user's role, create the user or role on eSight.

    • When eSight interconnects with U2000, U2020, or OperationCenter 6.x, create a role on eSight.
      1. Choose System > System Management > User Management from the main menu.
      2. Choose Role from the navigation tree on the left.
      3. Click Create. The role creation page is displayed.
      4. Set the parameters.

        The role name must be the same as the role name of the SSO server login user. Set other parameters based on the site requirements.

    • When eSight interconnects with OperationCenter 3.x, create a user on eSight.
      1. Choose System > System Management > User Management from the main menu.
      2. Choose User from the navigation tree on the left.
      3. Click Create. The user creation page is displayed.
      4. Set the parameters.

        The user name must be the same as the name of the SSO server login user. Set other parameters based on the site requirements.

  3. Choose System > System Settings > System Interconnection from the main menu.
  4. Perform this step if eSight needs to interconnect with OperationCenter 3.x or a version earlier than OperationCenter 6.5, or if you need to update the SSO certificates of U2000, U2020, or OperationCenter 6.5 and later. Otherwise, skip this step.

    1. Choose SSO Client Settings > SSO Certificate Upload from the navigation tree on the left.
    2. Select the certificate to be imported to the SSO server and click to upload the certificate.
    3. Enter the certificate installation password and click OK.
      NOTE:

      The default password is Changeme_123.

      If the message "File uploaded successfully." is displayed, the certificate is uploaded successfully.

  5. Configure the SSO information.

    1. Choose SSO Login Settings from the navigation tree on the left.
    2. Select Enable configuration.
    3. Select SSO server product.

      Set other parameters based on the product. For details, see Table 3-23 or Table 3-24.

      NOTE:

      You can configure only one SSO server address (IPv4, IPv6, or domain name) on eSight. If the SSO server has multiple addresses (for example, the remote HA scenario), it is recommended that the domain name be used to interconnect the SSO server with eSight.

      Table 3-23 U2000 (CAS SSO)/OperationCenter 3.x (CAS SSO) configuration description

      | Configuration Item | Description | Example | Configuration Item in the web.xml File |
      |---|---|---|---|
      | Local system URL | URL for logging in to eSight. | https://10.10.10.20:31942 | CASFilter/serverName and CAS Validation Filter/serverName |
      | SSO server URL | URL prefix for external systems to access the SSO server. | https://10.10.10.10:31128/unisso | CAS Validation Filter/casServerUrlPrefix |
      | SSO server login URL | URL for logging in to the SSO server. | https://10.10.10.10:31128/unisso/login | CASFilter/casServerLoginUrl |
      | SSO server logout URL | URL for logging out of the SSO server. | https://10.10.10.10:31128/unisso/logout | eSightlogout/logoutUrl |
      | Touch URL | (Optional) URL for renewing the ticket. | https://10.10.10.10:31128/unisso/touch | eSightlogout/touchUrl |

      Table 3-24 U2020 (UniSSO)/OperationCenter 6.x (UniSSO) configuration description

      | Configuration Item | Description | Example | Configuration Item in the ssoconfig.xml File |
      |---|---|---|---|
      | Local system URL | URL for logging in to eSight. | https://10.10.10.20:31942 | ssoconfig/serverName |
      | SSO server login URL | URL for logging in to the SSO server. | https://10.10.10.10:31943/unisso | ssoconfig/ssoServerUrl |
      | SSO server logout URL | URL for logging out of the SSO server. | https://10.10.10.10:31943/unisso/logout | ssoconfig/logoutUrl |

    4. Click Apply.
      NOTE:

      After the settings are applied, the Change Password and ChangeContact functions on the Setting page under System > System Management > User Management are unavailable.

  6. Restart eSight.

    1. Stopping the eSight service.
      1. Log in to the primary server as the root user.
      2. Run the following command to stop eSight.

        # hares -offline NMSServer -sys Host name of the primary server

      3. Run the following command to stop database listener.

        # hares -offline Netlsnr -sys Host name of the primary server

      4. Run the following command to stop database.

        # hares -offline Oracle -sys Host name of the primary server

    2. Starting the eSight service.
      1. Log in to the primary server as the root user.
      2. Run the following command to start database.

        # hares -online Oracle -sys Host name of the primary server

      3. Run the following command to start database listener.

        # hares -online Netlsnr -sys Host name of the primary server

      4. Run the following command to start eSight.

        # hares -online NMSServer -sys Host name of the active server

  7. Check whether the configuration is successful.

    Log in to eSight.
    • If the login page of the SSO server is displayed and you can log in to eSight using the user name and password of the SSO server, the setting is successful.
    • If the login page of the SSO server is not displayed, the setting failed. Check the interconnection settings.

Related Operations

  • Follow instructions in Table 3-25 to roll back the configuration that enables the eSight server to function as the SSO client.
    Table 3-25 Rollback operations

    Scenario: SSO setting success

    Rollback operation:

    1. Log in to eSight as the SSO server user.
    2. Choose System > System Settings > System Interconnection from the main menu.
    3. Choose SSO Client Settings > SSO Login Settings from the navigation tree on the left.
    4. Deselect Enable configuration.
    5. Click Apply.
    6. Restart eSight. For details, see step 6 of the procedure.

    Scenario: SSO setting failure

    Rollback operation:

    • Log in to eSight as the SSO server user. If an error page is displayed, perform the following operations to roll back the SSO configuration:
    1. Log in to the active eSight server.
    2. Delete the SSO server information and eSight server information from the eSight server.
      • Run the following commands:

        > cd eSight installation directory/AppBase/app/sso.app/repository/ui/sso/WEB-INF

        > mv template/web.xml.backup web.xml

        > vi template/ssourlconfig.xml

        Press i to enter the editing mode. Set applied to "false", and delete the related configuration information as follows:
        <applied>false</applied>
        <serverType/>
        <ssoType/>
        <loginUrl/>
        <logoutUrl/>
        <touchUrl/>
        <systemUrl/>
        <serverUrl/>
        <privateUrl/>

        Press Esc to exit the editing mode and run the :wq command to save and exit the file.

      • In the U2020 (UniSSO)/OperationCenter 6.x (UniSSO) configuration scenario, perform the following operations in addition to the preceding operations:

        > mv template/ssoconfig.xml.backup classes/ssoconfig.xml

    3. Restart eSight. For details, see step 6 of the procedure.
    • Log in to eSight as the SSO server user. If the eSight server login page is displayed, perform the following operations to roll back the SSO configuration:
    1. Log in to eSight as the eSight server user.
    2. Choose System > System Settings > System Interconnection from the main menu.
    3. Choose SSO Client Settings > SSO Login Settings from the navigation tree on the left.
    4. Deselect Enable configuration.
    5. Click Apply.
    6. Restart eSight. For details, see step 6 of the procedure.
  • For details about SSO client configuration, see chapter "Operation and Maintenance > Maintenance Guide > Maintenance Reference > Configuration Files > Infrastructure Management Configuration Files > Basic Management > ssoclient.xml" in the eSight Product Documentation.
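
The file-level rollback for the "SSO setting failure" scenario (reset ssourlconfig.xml, restore web.xml, and for UniSSO restore ssoconfig.xml) written as a shell function that checks its result before moving any file. This is an added example, not part of the eSight documentation or tooling; the function name sso_rollback, the .pre-rollback suffix, and the one-element-per-line layout of ssourlconfig.xml are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the manual SSO rollback on this page.
# Assumption: every element in ssourlconfig.xml sits on a single line.
TAGS="serverType ssoType loginUrl logoutUrl touchUrl systemUrl serverUrl privateUrl"

# $1 = <eSight installation directory>/AppBase/app/sso.app/repository/ui/sso/WEB-INF
# $2 = "unisso" for U2020/OperationCenter 6.x (UniSSO); omit for CAS SSO.
sso_rollback() {
    webinf="$1"; mode="${2:-cas}"
    cfg="$webinf/template/ssourlconfig.xml"; tmp="$cfg.tmp.$$"

    # Refuse to start unless every file the procedure edits or moves exists.
    for f in "$cfg" "$webinf/template/web.xml.backup"; do
        [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    if [ "$mode" = unisso ] && [ ! -f "$webinf/template/ssoconfig.xml.backup" ]; then
        echo "missing $webinf/template/ssoconfig.xml.backup" >&2; return 1
    fi

    # Build the sed program: applied -> false, each listed element -> empty.
    set -- -e 's|<applied>[^<]*</applied>|<applied>false</applied>|'
    for tag in $TAGS; do
        set -- "$@" -e "s|<$tag>[^<]*</$tag>|<$tag/>|"
    done
    sed "$@" "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Stop before changing anything if the result is not the state the page
    # asks for (for example, an element that spans several lines).
    if ! grep -q '<applied>false</applied>' "$tmp" ||
       grep -Eq "<($(echo $TAGS | tr ' ' '|'))>" "$tmp"; then
        echo "could not clear $cfg; edit it by hand" >&2
        rm -f "$tmp"; return 1
    fi

    # Keep a safety copy (hypothetical .pre-rollback suffix), then write the
    # result in place with cat so the file keeps its owner and mode.
    cp -p "$cfg" "$cfg.pre-rollback" || return 1
    cat "$tmp" > "$cfg" || return 1
    rm -f "$tmp"

    # Restore the pre-SSO files exactly as the manual commands do.
    mv "$webinf/template/web.xml.backup" "$webinf/web.xml" || return 1
    if [ "$mode" = unisso ]; then
        mv "$webinf/template/ssoconfig.xml.backup" "$webinf/classes/ssoconfig.xml" || return 1
    fi
}
```

Source the file on the active eSight server and call sso_rollback with the WEB-INF path, then restart eSight as in step 6 of the procedure.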

Follow-up Procedure

If the SSO server certificate is changed, you need to import the SSO server certificate to eSight again.

  1. Log in to eSight.
  2. Import the new SSO server certificate.
    1. Choose SSO Client Settings > SSO Certificate Upload from the navigation tree on the left.
    2. Enter the certificate installation password and click OK.
      NOTE:

      The default password is Changeme_123.

      If the message "File uploaded successfully." is displayed, the certificate is uploaded successfully.

  3. Restart eSight.
    1. Stopping the eSight service.
      1. Log in to the primary server as the root user.
      2. Run the following command to stop eSight.

        # hares -offline NMSServer -sys Host name of the primary server

      3. Run the following command to stop database listener.

        # hares -offline Netlsnr -sys Host name of the primary server

      4. Run the following command to stop database.

        # hares -offline Oracle -sys Host name of the primary server

    2. Starting the eSight service.
      1. Log in to the primary server as the root user.
      2. Run the following command to start database.

        # hares -online Oracle -sys Host name of the primary server

      3. Run the following command to start database listener.

        # hares -online Netlsnr -sys Host name of the primary server

      4. Run the following command to start eSight.

        # hares -online NMSServer -sys Host name of the active server

  4. Check whether the configuration is successful.
    Log in to eSight.
    • If the login page of the SSO server is displayed and you can log in to eSight using the user name and password of the SSO server, the setting is successful.
    • If the login page of the SSO server is not displayed, the setting failed. Check the interconnection settings.
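
The restart sequence from step 6 of the procedure and step 3 of the follow-up procedure, as a shell function that waits for each resource to change state before touching the next one. This is an added example, not part of the eSight documentation; the function names, the WAIT_SECS timeout, and the use of a single host name for all three resources are assumptions.

```shell
#!/bin/sh
# Added example: ordered eSight restart under Veritas Cluster Server (VCS).
# NMSServer, Netlsnr and Oracle are the resource names used on this page.
# WAIT_SECS is a hypothetical tunable, not an eSight or VCS setting.
WAIT_SECS="${WAIT_SECS:-600}"

# Take one resource offline or online on a host, then block with
# "hares -wait" until VCS reports the matching State for it.
switch_resource() {
    action="$1"; resource="$2"; host="$3"
    case "$action" in
        offline) want=OFFLINE ;;
        online)  want=ONLINE ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    hares "-$action" "$resource" -sys "$host" || return 1
    hares -wait "$resource" State "$want" -sys "$host" -time "$WAIT_SECS" || {
        echo "$resource did not reach $want on $host within ${WAIT_SECS}s" >&2
        return 1
    }
}

# Stop eSight, the database listener, then the database; start them in the
# reverse order. Aborts at the first resource that fails to change state.
esight_restart() {
    host="$1"
    [ -n "$host" ] || { echo "usage: esight_restart <host name>" >&2; return 2; }
    for r in NMSServer Netlsnr Oracle; do
        switch_resource offline "$r" "$host" || return 1
    done
    for r in Oracle Netlsnr NMSServer; do
        switch_resource online "$r" "$host" || return 1
    done
}
```

Source the file as root on the primary server and call esight_restart with that server's host name.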
Updated: 2019-08-03

Document ID: EDOC1100044378
