BSM with SSL and LW-SSO enabled: the login page appears, but credentials are not taken from the certificate

  • KM00429158
  • 15-May-2013
  • 15-May-2013

Summary

Applies to BSM configured with SSL.

Question


BSM is configured with SSL and LW-SSO enabled in order to access the BSM web interface through client-side certificates.

However, when accessing BSM, the login page appears and the user has to enter credentials (username/password) to log in to BSM. Login is successful after that.

However, it is expected that there shouldn't be a login page and credentials should be obtained automatically from the certificate.

Steps followed are in the documentation - Platform Administration - How to Secure User Access to BSM Using Client-Side Authentication Certificates.

According to the documentation, this configuration should:

Secure user access to BSM using client-side authentication certificates. You configure LW-SSO using the JMX console to accept such certificates. Once a certificate is accepted, the user is logged into BSM. Client-side authentication certificates provide a secure alternative to entering user credentials in the login screen.

It is not clearly stated whether the user should enter credentials manually in the login page (the current behavior), or whether these credentials should be obtained automatically from the certificate (the behavior expected by the customer).

Is the current behavior normal?

Answer

Client authentication works only when the following is enabled in <BSM-Gateway-server>/HPBSM/webserver/conf/extra/httpd-ssl.conf:
SSLOptions +ExportCertData
Extra note: when configuring the LDAP Vendor Attributes in Active Directory, the UUID attribute needs to be changed from sAMAccountName to userPrincipalName.
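
One way to check that the httpd-ssl.conf setting above is really active and not commented out or overridden further down the file. This is an added example, not part of the original article or of BSM; the function name and the sample file are constructed, and it assumes all SSLOptions lines are evaluated in file order as a single scope (<VirtualHost>/<Directory> nesting is not modelled).

```shell
#!/bin/sh
# Added example: report whether ExportCertData is effectively on in an
# Apache SSL config file. Assumption: one flat scope, file order.
export_cert_data_state() {
    awk '
        BEGIN { state = "off" }
        { sub(/\r$/, "") }                # tolerate Windows line endings
        $1 ~ /^#/ { next }                # skip commented-out directives
        tolower($1) == "ssloptions" {
            relative = 1; found = 0
            for (i = 2; i <= NF; i++) {
                opt = $i
                if (opt !~ /^[+-]/) relative = 0
                name = tolower(opt); sub(/^[+-]/, "", name)
                if (name == "exportcertdata") {
                    found = 1
                    state = (opt ~ /^-/) ? "off" : "on"
                }
            }
            # An option list without +/- prefixes replaces earlier
            # settings instead of merging with them.
            if (!relative && !found) state = "off"
        }
        END { print state }
    ' "$1"
}

# Constructed sample, not taken from a real BSM installation: the
# directive is present but commented out, so the result is "off".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#SSLOptions +ExportCertData
SSLOptions +StdEnvVars
EOF
echo "ExportCertData: $(export_cert_data_state "$sample")"
rm -f "$sample"
```

On a gateway server, call the function with the path to httpd-ssl.conf given in the answer, then restart the web server after any change so the directive takes effect.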