eSight V300R010C00SPC200, 300, and 500 Self-Service Integration Guide 10

eSight as an SSO Client in Other Modes

By default, eSight integrates the configuration template of the web service filter on web-based SSO clients. To start eSight, invoke the web service.

Start the eSight server as an SSO client. You do not need to modify components installed on eSight, for example, Facilities Infrastructure Manager and Smart Reporter.

File Description

  • Configuration template of the web service filter

    The file is web.xml.other.sso.template in eSight installation path\AppBase\app\sso.app\repository\ui\sso\WEB-INF\template. By default, this configuration file is not loaded by any program.

Configuring the eSight Server

  1. Close the eSight server.
  2. Modify the web.xml configuration file.

    File path: \eSight\AppBase\app\sso.app\repository\ui\sso\WEB-INF

    1. Back up the web.xml file.
      • In Windows, copy the file to the "template" directory, right-click the file, and rename it web.xml.backup.
      • On the Linux operating system, run the following command:
        mv web.xml ./template/web.xml.backup
    2. Rename web.xml.other.sso.template to web.xml. Configure related items based on the configuration file.
      • On the Windows operating system, copy web.xml.other.sso.template to the upper-layer WEB-INF and rename the file web.xml.
      • On the Linux operating system, run the following command in the template/ directory:
        cp web.xml.other.sso.template ../web.xml

  3. Store the SSO client tool kit in the specified path.

    eSight installation path\AppBase\app\sso.app\repository\ui\sso\WEB-INF\lib\

  4. Modify the configuration file.

    | filter-name (Filter Name) | param-name (Parameter Name) | param-value (Parameter Description) | Example | Mandatory |
    |---|---|---|---|---|
    | eSightlogout | logoutHandler | Indicates the handler class of the logout operation. The class implements the com.huawei.eSight.solution.sso.cascade.SSOSignOutHandler interface. | Complete path: com.huawei.esight.solution.sso.cas.CasSSOLogoutHandler | Yes |
    | eSightinit | UserFetcherClassName | Indicates the class that obtains the user name and role authenticated by the upper-level NMS. The class implements the com.huawei.eSight.solution.sso.cascade.UpSSOUserDefineInterface interface. NOTE: If a standard CAS system is to be integrated, you can extend the com.huawei.eSight.solution.sso.cas.AbstractCasSSOUserDefine class to obtain role functions, without the need to implement the getUserID method. | Refer to the implementation of com.huawei.eSight.solution.sso.cas.CasSsoUserDefineImpl. | Yes |

    Configure filters for other SSO servers between the eSightlogout filter and the eSightinit filter.

    • The interfaces are packaged in com.huawei.esight.solution.sso.cascade-2.0-SNAPSHOT.jar, which is in AppBase\app\sso.app\repository\ui\sso\WEB-INF\lib.
    • The com.huawei.eSight.solution.sso.cascade.SSOSignOutHandler interface has the following methods to implement:

      doBeforeLogin(Request req): indicates the operation before the login.

      doAfterLogin(Request req): indicates the operation after the login, for example, the CAS records the mapping between sessions and tickets.

      isLogoutRequest(Request req): determines the logout request from the upper-level SSO.

      handleLogout(Request req): handles the logout of the upper-level SSO, for example, deleting sessions.

    • The com.huawei.eSight.solution.sso.cascade.UpSSOUserDefineInterface interface has the following methods to implement:

      getUserID(Request req): obtains the user name that is authenticated by the upper-level SSO, for example, from the sessions.

      getRoles(Request req): obtains the role transmitted from the upper-level SSO.

      doOtherOperation(Request req): indicates other operations after authentication by the upper-level SSO.

  5. Modify the ssoclient.xml file.

    File path: AppBase\etc\oms.sso\ssoclient.xml

    1. Back up the ssoclient.xml file.
    2. Change the value of the logout parameter, <param name="logout">${SSO_Server_LOGOUT_URL}</param>, from the logout URL of eSight to the logout URL of the SSO server.

      In this example, the IP addresses of the eSight server and SSO server are 10.137.63.8 and 10.135.84.249, respectively.

      Original value (logout URL of eSight), for example: https://10.137.63.8:31942/sso/logout

      New value (logout URL of the SSO server), for example: https://10.135.84.249:8443/sso/logout

  6. If the SSO server uses HTTPS, configure eSight as follows:

    1. Copy the SSO server certificate, for example, ssoserver.crt, to the eSight server ("D:/ssoserver.crt" in Windows; "/opt/ssoserver.crt" in Linux).
    2. Go to eSight installation directory/AppBase/jre/bin.
      • In the Windows operating system, press Shift, right-click and choose Open command window here, and run the following command (use double quotation marks to mark the complete path of the certificate):
        keytool -import -keystore ..\lib\security\cacerts  -file "D:\ssoserver.crt" -alias casserver
      • In the Linux operating system, run the cd command to go to the "{Installation directory}/AppBase/jre/bin" directory and run the following command (use double quotation marks to mark the complete path of the certificate):
        ./keytool -import -keystore ../lib/security/cacerts  -file "/opt/ssoserver.crt" -alias casserver

      Press Enter, then enter the keystore password when prompted (Changeme_123 by default). When asked whether to trust the certificate, enter y and press Enter. The certificate is then imported.

  7. Restart the eSight server and commission SSO.

    The SSO server must meet the following conditions:

    1. The SSO server can set up HTTPS connections with eSight.

    2. The SSO server can trigger SSO clients to log out after users log out.
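
The trust prompt in step 6 is the only point at which the SSO server certificate is checked, so its SHA-256 fingerprint should be compared with a value obtained from the SSO server administrator over a separate channel before y is entered. The script below is an added example, not part of the Huawei guide: it reuses the keytool commands, keystore path and alias from step 6, while the function names and the expected-fingerprint argument are assumptions.

```sh
#!/bin/sh
# Added example: verify the SSO server certificate before trusting it.
# Constructed sample of `keytool -printcert` output (not a real certificate).
SAMPLE_PRINTCERT='Owner: CN=sso.example.test
Certificate fingerprints:
   SHA1: 00:11:22:33
   SHA256: AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89'

# Normalize a fingerprint: drop colons and whitespace, uppercase the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -printcert` output on stdin and print the SHA-256 fingerprint.
extract_sha256() {
    fp=$(sed -n 's/^[[:space:]]*SHA-\{0,1\}256:[[:space:]]*//p' | head -n 1)
    normalize_fp "$fp"
}

# Succeed only when the first value is 64 hex digits and equals the second.
fp_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Verify the fingerprint, import the certificate, then list the new entry.
# Run from {Installation directory}/AppBase/jre/bin, as in step 6.
import_verified() {  # usage: import_verified CERT EXPECTED_SHA256
    actual=$(./keytool -printcert -file "$1" | extract_sha256)
    if ! fp_matches "$2" "$actual"; then
        echo "fingerprint mismatch, not importing: $actual" >&2
        return 1
    fi
    ./keytool -import -keystore ../lib/security/cacerts -file "$1" -alias casserver &&
    ./keytool -list -keystore ../lib/security/cacerts -alias casserver
}

# Runs only when called with two arguments, for example:
#   sh verify_import.sh /opt/ssoserver.crt "<SHA-256 from the SSO administrator>"
if [ "$#" -eq 2 ]; then
    import_verified "$1" "$2"
fi
```

keytool still asks for the keystore password and for trust confirmation; the script only refuses to reach that prompt when the fingerprints differ.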

Updated: 2019-10-30

Document ID: EDOC1100044386
