1 modify the eSight side
Open the default ssoclient.xml file of eSight (take eSight Solution V300R005C00 for example)
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<config name="oms">
<!-- Single Sign On -->
<config name="sso">
<config name="client">
<param name="enabled">true</param>
<param name="isLocalsso">true</param>
</config>
<config name="servers">
<config name="upper_layer_server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
<config name="server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
</config>
</config>
</config>
1, from the content <param name= "enabled" >true</param> you can see that the SSO feature is open, so you need to configure the ssoclient.xml and sso.xml files when you do NAT mappings to access eSight.
2, <config name= "upper_layer_server" means eSight supports superior network management configuration, such as no superior network management does not need configuration:
3, <config name= "server" > eSight lower level network management, please refer to the following steps to modify the NAT mapping eSight access steps:
Modify the lower level network management NAT map to access the eSight step:
1. 修改ssoclient.xml文件
1. modify the ssoclient.xml file
文件路径:AppBase\etc\oms.sso\ssoclient.xml。
File path: AppBase\etc\oms.sso\ssoclient.xml.
为了保证配置完NAT映射后大小网都能访问eSight,需要新增一个如下条目:
To ensure that large and small nets can access eSight after the NAT mapping is completed, a new entry is required.
<config name="server">
<param name="entryAddressMapping">6.6.6.6</param>
<param name="name">192.168.3.10:8087</param>
<param name="public">https://6.6.6.6:31942/sso/</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://6.6.6.6:31942/sso/logout</param>
</config>
2. modify the sso.xml file
File path: AppBase\etc\oms.sso\sso.xml.
Modify the following parameter values:
<param name="client-trusted-ip">10.136.64.98,6.6.6.6</param>
3. restart the eSight server.
4. The final configuration file is:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<config name="oms">
<!-- Single Sign On -->
<config name="sso">
<config name="client">
<param name="enabled">true</param>
<param name="isLocalsso">true</param>
</config>
<config name="servers">
<config name="upper_layer_server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
<config name="server">
<param name="name">192.168.3.10:8087</param>
<param name="public">https://192.168.3.10:31942/sso</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://192.168.3.10:31942/sso/logout</param>
</config>
<config name="server">
<param name="entryAddressMapping">6.6.6.6</param>
<param name="name">192.168.3.10:8087</param>
<param name="public">https://6.6.6.6:31942/sso/</param>
<param name="private">http://192.168.3.10:8087/sso</param>
<param name="logout">https://6.6.6.6:31942/sso/logout</param>
</config>
</config>
</config>
</config>
2 configuring port mapping on a AR like device
2.1 take AR as an example to configure the port map as follows:
Nat server protocol TCP global 6.6.6.6 31943 inside 192.168.3.10 31943
Nat server protocol TCP global 6.6.6.6 31942 inside 192.168.3.10 31942
Nat server protocol TCP global 6.6.6.6 8080 inside 192.168.3.10 8080
Support
