Summary
Question
In earlier versions, BPM could connect to APM without authentication, and the host name was entered by the user in the configuration wizard without any verification logic in the code.
This could result in duplicate hosts and jobs coming from different BPMs.
This new feature was introduced to avoid this problem and to provide control over host registration.
BPM signing encryption methods:
- Private key parameters:
  - Unique generator - Machine MAC address
  - Host Name, Location Name/HostID, datetime < now + X minutes
- Encryption API methods:
  - RSA algorithm is used to generate private and public keys
  - SHA256 with RSA algorithm is used to create signature
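The scheme listed above, as an added Java example that is not HP's BPM/BSM code: an RSA key pair signs the host identity fields with SHA256withRSA, and the verifier rejects a changed host name or a timestamp outside the window. The class name, payload layout, sample values, the 5-minute value for X and the lower time bound are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Duration;
import java.time.Instant;

// Added illustration: payload layout and window are assumptions, not the BPM/BSM wire format.
public class HostRegistrationSignatureDemo {
    static final Duration WINDOW = Duration.ofMinutes(5); // stands in for "X minutes"

    // Length-prefix each field so adjacent fields cannot be shifted into each other.
    static byte[] payload(String host, String hostId, String mac, Instant ts) {
        StringBuilder sb = new StringBuilder();
        for (String f : new String[] {host, hostId, mac, ts.toString()}) {
            sb.append(f.length()).append(':').append(f);
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, String host, String hostId, String mac,
                          Instant ts, byte[] sig, Instant now) throws GeneralSecurityException {
        // Rule from the list above: datetime < now + X. The lower bound is an added assumption.
        if (!ts.isBefore(now.plus(WINDOW)) || ts.isBefore(now.minus(WINDOW))) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(payload(host, hostId, mac, ts));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Instant now = Instant.now();
        String host = "bpm-host-01", hostId = "42", mac = "00-11-22-33-44-55"; // constructed values
        byte[] sig = sign(kp.getPrivate(), payload(host, hostId, mac, now));
        System.out.println("valid: " + verify(kp.getPublic(), host, hostId, mac, now, sig, now));
        System.out.println("renamed host: " + verify(kp.getPublic(), "bpm-host-02", hostId, mac, now, sig, now));
        Instant future = now.plus(Duration.ofMinutes(30));
        byte[] futureSig = sign(kp.getPrivate(), payload(host, hostId, mac, future));
        System.out.println("future timestamp: " + verify(kp.getPublic(), host, hostId, mac, future, futureSig, now));
    }
}
```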
BPM signing keys structure: file system, database tables
- BPM stores the private and public key in the following file system location:
  \config\auth\public.key
  \config\auth\private.key
  (Windows: C:\ProgramData\HP\BPM\config\auth)
- BSM stores the host private and public key in the following tables:
  EUMBPM_HOSTS
Answer
How to reset BPM signing key
- JMX Console API: http://localhost:29000/mbean?objectname=Topaz%3Aservice%3DEUM+Administration+Service – removePublicKey
Disable BPM authentication functionality
- Go to BSM -> Admin -> Platform -> Infrastructure Settings -> Foundations -> EUM Administration -> “Disable BPM Authentication file”.
Debug authentication issue
- Enable the BSM DEBUG log by editing the log configuration file in the following location:
  Windows: C:\HPBSM\conf\core\Tools\log4j\EJB\eumAdmin.properties
  Linux: /opt/HP/BSM/conf/core/Tools/log4j/EJB/eumAdmin.properties
  Log Name: ma-app-msg.log
- Error Messages:
  - BPM: “Invalid digital signature”
  - BSM: “Found a BPM host with the same name”
- Debug recommendations:
  - BPM main class to start with – AbstractBsmApi, BpmConfigMgr
  - BSM main class to start with – AbstractAgentImpl