I can't manage to configure LWSSO on UCMDB. I get the following message on log file security.lwsso:
<2013-08-13 14:22:11,834> [INFO ] [WrapperSimpleAppMain] - Building of configuration completed in 1469 milliseconds. <2013-08-13 14:22:28,319> [INFO ] [WrapperSimpleAppMain] - initializing LWSSO from file [lwsso/ucmdb_lwsso_conf.xml]. <2013-08-13 14:22:31,882> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty. <2013-08-13 14:22:31,897> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty. <2013-08-13 14:22:31,897> [INFO ] [WrapperSimpleAppMain] - Building of configuration completed in 3578 milliseconds. <2013-08-13 14:22:36,632> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty. <2013-08-13 14:22:36,694> [WARN ] [WrapperSimpleAppMain] - Can not configure: initString is empty.
I tried configuring the initString through the Infrastructure configuration menu and also through JMX Console. But I keep getting the message above.
Whenever LWSSO is disabled I am able to login with Active Directory users which are correctly mapped to local groups and correct permissions. However, when I enable LWSSO I can only log in using the system administrator account. Every other try gives me an authentication failure message.
I can't find the ucmdb_lwsso_conf.xml file in any of the possible directories in the machine and I have tried creating such file in many locations but I keep getting the same message. Any help on the situation?
I believed that trusted domains should be used when dealing with a multi-domain environment. Which is not my case.
I have realized the following:
I have LWSSO already configured in BSM. Whenever I log in at BSM and then open the UCMDB, single sign-on works, enabling me to log in with any user in LDAP. However if I log out with that user and then try to log in again in UCMDB, I get an authentication failure.
bsf_security shows the following messages:
2013-08-13 15:42:10,845 [qtp197491295-210] - ValidationPoint can not redirect, since authenicationPointServer  or authenicationPointURL [secure/authenicationPointURL.jsp] is null.
The parameter validation point is actually null in my configurations. Is that mandatory?