BPM - Authentication

  • KM03812443
  • 01-Jun-2021
  • 10-Jun-2021

Summary

As of APM 9.3x, the BPM team introduced a new authentication mechanism to avoid duplicate hosts.

Question

In earlier versions, BPM could connect to APM without authentication, and the host name was entered by the user in the configuration wizard without any verification by code logic.

This could result in duplicate hosts and in jobs coming from different BPMs.

This is why the new feature was introduced: to avoid this problem and to have control over host registration.

 

BPM signing encryption methods:

  • Private key parameters:
      - Unique generator - Machine MAC address
      - Host Name, Location Name/HostID, datetime < now + X minutes
  • Encryption API methods:
      - RSA algorithm is used to generate private and public keys
      - SHA256 with RSA algorithm is used to create signature
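The signing scheme outlined above, sketched with the Java standard library as an added example (not BPM or BSM code): an RSA key pair is generated, the host fields are signed with SHA256withRSA, and the verifier applies the datetime < now + X minutes condition. The payload layout, the 2048-bit key size, the 5-minute value for X and the sample host and location names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;

public class BpmSignatureSketch {
    // Assumed payload layout: hostName|locationName|epochSeconds (not the product's real format).
    static String payload(String host, String location, long epochSeconds) {
        return host + "|" + location + "|" + epochSeconds;
    }

    // Agent side: sign the registration fields with the private key.
    static byte[] sign(PrivateKey key, String payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Server side: the signature must match the exact payload, and the signed
    // datetime must satisfy "datetime < now + X minutes".
    static boolean verify(PublicKey key, String payload, byte[] sig, long now, long windowSeconds)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        if (!s.verify(sig)) {
            return false; // any changed field (for example the host name) fails here
        }
        long signedTime = Long.parseLong(payload.substring(payload.lastIndexOf('|') + 1));
        return signedTime < now + windowSeconds;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // assumed key size
        KeyPair kp = gen.generateKeyPair();

        long now = Instant.now().getEpochSecond();
        long window = 5 * 60; // assumed value for X
        String msg = payload("bpm-host-01", "Lab", now); // constructed sample values
        byte[] sig = sign(kp.getPrivate(), msg);

        System.out.println("valid request:     " + verify(kp.getPublic(), msg, sig, now, window));
        // Same signature presented with a different host name: rejected.
        String renamed = payload("bpm-host-02", "Lab", now);
        System.out.println("changed host name: " + verify(kp.getPublic(), renamed, sig, now, window));
        // Correctly signed, but the datetime lies beyond now + X minutes: rejected.
        String future = payload("bpm-host-01", "Lab", now + 3600);
        System.out.println("datetime too far:  " + verify(kp.getPublic(), future, sign(kp.getPrivate(), future), now, window));
    }
}
```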

 

BPM signing keys structure: file system, database tables

  • BPM stores the private and public keys in the following file system location:

\config\auth\public.key

\config\auth\private.key

(Windows: C:\ProgramData\HP\BPM\config\auth)

  • BSM stores the host private and public keys in the following table:

EUMBPM_HOSTS

Answer

How to reset BPM signing key

 

Disable BPM authentication functionality

  • Go to BSM -> Admin -> Platform -> Infrastructure Settings -> Foundations -> EUM Administration -> Disable BPM Authentication file.

Debug authentication issue

  • Enable the BSM DEBUG log by editing the log4j properties file in the following location:

      Windows: C:\HPBSM\conf\core\Tools\log4j\EJB\eumAdmin.properties

      Linux: /opt/HP/BSM/conf/core/Tools/log4j/EJB/eumAdmin.properties

      Log Name: ma-app-msg.log

  • Error Messages:
      - BPM: Invalid digital signature
      - BSM: “Found a BPM host with the same name”
  • Debug recommendations:
      - BPM main classes to start with: AbstractBsmApi, BpmConfigMgr
      - BSM main class to start with: AbstractAgentImpl