SM 7 .01 Trusted Sign-on Configuration
Service Manager has been configured for trusted sign-on functionality to address the complexity of
maintaining duplicate user accounts, multiple passwords, and separate logins across applications.
Activating trusted sign-on requires you either create or purchase Secure Socket Layer (SSL) certificates for
the Service Manager Server, Service Manager Web Tier, and Service Manager Windows® clients.
You use these certificates to create a secure network connection between the Service Manager Windowsclient and the Service Manager server, or between the Service Manager Web Tier and the Service Manager
server. The connection between the user's Web browser and the Web Tier remains unchanged and requires
no additional configuration in terms of importing certificates.
Note: In Samba the certificates are been created.
Below are the steps used for configuring Trusted Sing-On Configuration
Step 1: Check the prerequisites for configuration
A. Obtain the SC-SM SSL Certificates Creator.exe file from Support, or
Download it from internal ftp://16.48.43.15/Service Manager/Trusted Sign-on/,
Note: In Samba, we got the Certificates creator.exe from HP Support.
B.
Download the Java 1.5.0_12 JDK from the SUN website
http://java.sun.com/products/archive/j2se/5.0_12/index.html
C.
Download Tomcat 5.5.26 from the Apache.org website
http://tomcat.apache.org/download-55.cgi
D. Download Apache http server 2.2.8 from the Apache.org website
http://httpd.apache.org/download.cgi
E. Download the Tomcat - Apache httpd connector module (mod_jk-1.2.26-httpd-2.2.4.so) from
the Apache.org website
http://tomcat.apache.org/download-connectors.cgi
F. - Download the win32 domain authentication module (mod_auth_sspi-1.0.4-2.2.2) from the
sourceforge.net network
http://sourceforge.net/projects/mod-auth-sspi/
G. Ensure Application Server is as part of a domain, and that your internet connection is working.
Step 2: Service Manager Configuration file
1
Modify the sm.ini and the sm.cfg file so that you have a different port for
normal servlet (13080) and SSL servlet (13081) connections.
See the entries below:
## sm.ini ##
# ServiceManager Initialization file
# Copyright (c) 1997-2007 HP, Inc.
# 3/11/08 3:00 PM
#General parameters
shared_memory:32000000
log:../logs/sm.log
alertlog:../logs/sm.alert.log
#Connection paramaters
#all httpPort, httpsPort and sslConnector parameters moved to sm.cfg !!
ssl_reqClientAuth:2
trustedsignon:1
#SSL Servlet parameters
keystoreFile:server.keystore
keystorePass:serverkeystore
ssl_trustedClientsJKS:trustedclients.keystore
ssl_trustedClientsPwd:trustedclients
truststoreFile:cacerts
truststorePass:cacert
 The above entries are added along with other parameters of SM.ini file like Database
connection, ldap connection etc..
## sm.cfg ##
2
#
# HP Service Manager Server Configuration File
#
# Used by HP Service Manager service on Windows and smstart script on Unix
# to start the Service Manager server processes.
#
##############################################################################
#
# Copyright (c) 1997-2007 HP, Inc.
# All Rights Reserved
#
##############################################################################
#
# start a Service Manager listener
#
sm -httpPort:13080 -sslConnector:0
sm -httpPort:13081 -sslConnector:1 -httpsPort:13443 -ssl:1
#
# start background schedulers
#
sm system.start
 The above entries are added along with other parameters of SM.cfg file like SC Email, SC Auto
listener values, etc.
Note:
- Create a new connection in the Eclipse client that points to fully qualified
domain name of the machine where you installed the Service Manager 7.0x app
Server, connects to port 13080, and on the Connection tab, enable the
Use Login/Password checkbox.
- Test your setup to see that you can create a connection from the Eclipse client
to the Service Manager 7.0x server, on port 13080, non-SSL encrypted.
Step 3: Creating the X509 certificates for SSL encryption
Extract the files in the SC-SM SSL Certificates Creator.exe to a directory
With the name \ssl
 In the \ssl\TSO-servlet directory, open the tso_srv_svlt.bat in a text editor
and set the following parameter :
3
JAVA_HOME="<root dir of the Java JRE>",
 In the \ssl\TSO-servlet directory, open the tso_cln_svlt.bat in a text editor
and set the following parameter :
JAVA_HOME="<root dir of the Java JRE>",
 In the \ssl\TSO-servlet directory, open the openssl.conf file and set the
Following parameters:
########################################################################
[ req ]
default_bits
= 2048
default_keyfile
= privkey.pem
distinguished_name
= req_distinguished_name
attributes
= req_attributes
x509_extensions = v3_ca
dirstring_type = nobmp
[ req_distinguished_name ]
countryName
countryName_default
countryName_min
countryName_max
stateOrProvinceName
stateOrProvinceName_default
localityName
localityName_default
organizationName
organizationName_default
= Country Name (2 letter code)
= SA
=2
=2
= State
= RIYADH
= Locality Name (eg, city)
= MALAZ
= Organizational Name
= SAMBA
organizationalUnitName
organizationalUnitName_default = CSD
= Organizational Unit Name (eg, section)
commonName
commonName_max
commonName_default
= Common Name (eg, computer hostname)
= 64
= cmlzcsdsvmn1.corp.samba.com
emailAddress
emailAddress_max
emailAddress_default
= Email Address
= 40
= 1tcc.sm@samba.com
4
[ req_attributes ]
challengePassword
challengePassword_min
challengePassword_max
= A challenge password
=4
= 20
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
########################################################################
 Open a command line window and go to the \ssl\TSO-servlet directory and run the
tso_srv_svlt.bat file.
When prompted to fill in:
Country Name, hit enter,
State, hit enter,
Locality Name, hit enter,
Organizational Name, hit enter,
Organizational Unit Name, hit enter,
Common Name, hit enter,
Email Address, hit enter,
Trust this certificate? Type yes and hit enter
What is your first and last name? type <the fully qualified domain name of
this machine> and hit enter
What is the name of your organizational unit? Type <the name of the
organizational unit> and hit enter
What is the name of your organization? Type <the name of the organization> and
hit enter
What is the name of your City or Locality? Type <the name of the organization's
city> and hit enter
What is the name of your State or Province? Type <the name of the organization's
state/province> and hit enter.
What is the two-letter country code for this unit? Type <fill in the 2-letter
country code for the organization> and hit enter
5
Verify your entries and type yes and hit enter
(RETURN if same as keystore password): hit enter
 Verify that in the \ssl\TSO-servlet directory 3 new folders are created,
Containing the following files:
\certs
cacerts
mycacert.pem
mycacert.srl
scservercert.pem
\crs
servercert_request.crs
\key
cakey.pem
server.keystore

From the command line in the \ssl\TSO-servlet directory, type :
tso_cln_svlt.bat <the fully qualified domain name of this machine>,

Run this command and when prompted to fill in :
What is your first and last name? Type <the fully qualified domain name of this
machine> and hit enter
What is the name of your organizational unit? Type <the name of the
organizational unit> and hit enter
What is the name of your organization? Type <the name of the organization> and
hit enter
What is the name of your City or Locality? Type <the name of the organization's
city> and hit enter
What is the name of your State or Province? Type <the name of the organization's
state/province> and hit enter
What is the two-letter country code for this unit? Type <fill in the 2-letter
country code for the organization> and hit enter
Verify your entries and type yes and hit enter
(RETURN if same as keystore password): hit enter
6
Trust this certificate? Type yes and hit enter
 verify that in the 3 folders in the \ssl\TSO-servlet directory, the following
Files exist:
\certs
cacerts
clientpubkey.cert
mycacert.pem
mycacert.srl
scclientcert.pem
scservercert.pem
trustedclients.keystore
\crs
clientcert_request.crs
servercert_request.crs
\key
cakey.pem
server.keystore
<the fully qualified domain name of the machine that is running the SM
app server>.keystore
If all these files exist and no errors were reported during the creation of
these files, the certificates are ready to be used.
Step 4: Configuring Service Manager 7.0x server for SSL encryption
 Go to \RUN directory of the Service Manager 7.0x server installation and rename
the cacerts file to cacerts.orig,
 Copy the following files from the \ssl\TSO-servlet\certs directory to the \RUN directory of the
Service Manager 7.0x server installation.
i. cacerts
ii. trustedclients.keystore
 Copy the following files from the \ssl\TSO-servlet\key directory to the \RUN directory of the
Service Manager 7.0x server installation :
i. server.keystore
Step 5: Configuring Service Manager 7.0x Eclipse client for SSL encryption

Go to the \plugins\com.hp.ov.sm.client.common_7.0x directory of the Service
Manager 7.0x client installation and rename the cacerts file to cacerts.orig,
7
 Copy the following files from the \ssl\TSO-servlet\certs directory to the
\plugins\com.hp.ov.sm.client.common_7.0x directory of the Service Manager 7.0x
client installation :
i. cacerts
 Copy the following files from the \ssl\TSO-servlet\keys directory to the
\plugins\com.hp.ov.sm.client.common_7.0x directory of the Service Manager 7.0x
client installation :
i. <the fully qualified domain name of this machine>.keystore,
 Open the Eclipse client, and create a new connection (give it a meaningful
name to indicate it uses SSL encryption), that connects to port 13081, on the
Connection tab enable the Use Login/Password checkbox, and on the Advanced tab,
enable the Use SSL Encryption checkbox. Save the connection and close the
connections windows.
8
 From the Eclipse client click on the Window option in the menu bar, and select
the Preferences -> option.
 In the Preferences window, expand the HP Service Manager tree and select the
security section and set the following parameters in the security section of the Eclipse client :
i. CA certificates file : <full path of the Service Manager 7.0x client install>\
plugins\com.hp.ov.sm.client.common_7.0x\cacerts
ii Client keystore file : <full path of the Service Manager 7.0x client install>\
plugins\com.hp.ov.sm.client.common_7.0x\<the fully qualified domain name of this
machine>.keystore
iii Client keystore password : clientkeystore
Click on the OK button and close the Eclipse client completely.
9
Note: For every New Windows Client Installation, system administrator has to perform Step 5, i.e copy
the files “cacerts” and “cmlzcsdsvmn1.corp.samba.com.keystore” to “ $INSTALL_DIR of SM
Application\Program Files\HP\Service Manager 7.01\Client\plugins\com.hp.ov.sm.client.common_7.01”
and configure the above settings.
 Open the Eclipse client and start the newly created SSL connection that connects
to port 13081 and verify that it works.
10
Note: Check the sm.log to verify that you see the message : SSL connection accepted
in the log
Step 6: Enabling Trusted Sign-on for Service Manager 7.0x Eclipse client (Windows Client)
 Create a new user in Service Manager 7.0x that has the same user name and
Password (including case-sensitivity) as your Windows domain user that you used
to log on to this machine
 Open the Eclipse client, and create a new connection (give it a meaningful
name to indicate it uses Trusted Sign-on) that connects to port 13081. On the
Connection tab, enable the Use Trusted Sign-on checkbox and on the Advanced tab,
enable the Use SSL Encryption checkbox. Save the connection and close the
Connections windows.
11
 Open the Eclipse client and start the newly created Trusted Sign-on connection
that connects to port 13081 and verify that it works.
12
Note: Check the sm.log and verify that you see the message Set trusted sign-on login user to <domain
user> in the log.
Step 7: Installation and configuration of Java JDK 1.5.0_12
 Install the Java 1.5.0_12 JDK in the default directory and leave all the
options default when installing.
 Go to the Windows System Properties, select the Advanced tab and click on
the Environment Variables button and add a new variable :
i. name = JAVA_HOME
ii. value = <root dir of the Java JDK>
Step 8: Installation and configuration of Tomcat 5.5.26

Install Tomcat 5.5.26 from the file you downloaded from the Apache.org website.

From the install menu, choose component and select the Normal option.

From the install menu -> install location, install in the default directory.

From the install menu -> basic configuration, set the following parameters :
i Select port 8080
ii. User name : Admin
iii.. Password : leave it Blank
13
 From the install menu -> Java Virtual Machine, set the path of the JVM to the
root dir of the JRE you installed in Part 7.

After installation, click on the Configure Tomcat shortcut in the Start Menu.
 On the Java tab, set the Java Virtual Machine to the jvm.dll of the JRE and
add to the Java Classpath “ ;<Java JDK install dir>\lib\tools.jar”
Step 9: Installing the Service Manager 7.0x normal web client
 Copy the Service Manager 7.0x .war file from the Service Manager 7.0x install
files to the \webapps directory of Tomcat and rename it to sm7.war and start Tomcat
 After auto-deployment of the sm7.war file, a new folder has been created in
the \webapps directory of Tomcat with the name sm7
 Go to the webapps\sm7\WEB-INF directory and open the web.xml in a text editor. Set the
following parameters :
i. serverHost <Fully Qualified Domain Name of this machine>
ii. serverPort <The normal port the Service Manager 7.0x server is listening
on>
 Create a web page shortcut that points to : http://<Fully Qualified Domain Name of this
machine>:8080/sm7/index.do and test to see that the normal web client is running.
Note: If you see the login page of Service Manager 7.0x then the normal web client
is successfully installed and running.
Step 10: Installing the Service Manager 7.0x SSL web client

Stop Tomcat,
 Copy the Service Manager 7.0x .war file from the Service Manager 7.0x install
files to the \webapps directory of Tomcat and rename it to sm7ssl.war and start Tomcat
 After auto-deployment of the sm7ssl.war file, a new folder has been created in
the \webapps directory of Tomcat with the name sm7ssl.
 Go to the webapps\sm7ssl\WEB-INF directory and open the web.xml in a text editor. Set the
following parameters :
i. isCustomAuthenticationUsed false
14
ii. serverHost <Fully Qualified Domain Name of this machine>
iii. ServerPort <The SSL port the Service Manager 7.0x server is listening on>
iv. ssl true
v. cacerts /WEB-INF/cacerts
vi. keystore /WEB-INF/<Fully Qualified Domain Name of this machine>.keystore
vii. keystorePassword
clientkeystore,
 Go to the webapps\sm7ssl\WEB-INF\classes directory and open the
application-context.xml in a text editor. Set the following parameters:
Change the line
/**=httpSessionContextIntegrationFilter,anonymousProcessingFilter
To
/**=httpSessionContextIntegrationFilter,preAuthenticationFilter,anonymousProcessingFilter

In the \webapps\sm7ssl\WEB-INF directory, rename the cacerts to cacerts.orig,
 Copy the following files from the \ssl\TSO-servlet\certs directory to the
\webapps\sm7ssl\WEB-INF directory:
i. cacerts
 Copy the following files from the \ssl\TSO-servlet\keys directory to the
\webapps\sm7ssl\WEB-INF directory:
i. <the fully qualified domain name of this machine>.keystore
 Create a web page shortcut that points to : http://<Fully Qualified Domain Name of this
machine>:8080/sm7ssl/index.do andf test to see that the SSL web client is running.
Note: I f you see the login page of Service Manager 7.0x then the SSL web client is
Successfully installed and running,
Step 11: Installing Apache 2.2.8 http server and configuring it
 Install Apache http server from the file that you downloaded from the
Apache.org website.
15
 From the install menu-> server information, set the network domain to the
Qualified Domain Name and set the server name to the Fully Qualified Domain Name
of this machine and set the administrator email address to your email address and select the option For
All Users on Port 80 as a Service.

From the install menu-> setup type, choose Typical.

From the install menu->Destination Folder, install in the default directory.
 After installation start Apache http server to see that it is running correctly,
open a web browser and go to http://<Fully Qualified Domain Name of this machine>.
Note: You should see a blank web page with the words: It works!
Also, make sure your Win 2003 server does not have IIS running, or Apache will not
start up..!!,

Stop the Apache http server.
Step 12: Installing the Tomcat - Apache http server connector and configuring it
 Copy the mod_jk-1.2.26-httpd-2.2.4.so that you downloaded from the Apache.org
website to the \modules directory of the Apache http server installation, and rename it to “mod_jk.so”.
 In the \conf directory of Apache http server installation, create a text file
with the name “mod_jk.conf” and open the file in a text editor

Copy the contents here below into the mod_jk.conf file :
##########################################################
###################################################################
# Auto generated configuration. Dated: Fri Mar 01 16:50:07 PST 2002
# Edited Oct 17 02 TSD
###################################################################
#
# The following line instructs Apache to load the jk module
# Use the mod_jk.so file, for Tomcat 5.x and greater.
# The mod_jk.dll is for Tomcat 4.x and lower.
# Using the wrong version will causes load errors..!!
#
LoadModule jk_module modules/mod_jk.so
16
#ajp13 workersfile
JkWorkersFile conf/workers.properties
#mod_jk log file
JkLogFile logs/mod_jk.log
#
# Log level to be used by mod_jk
#
JkLogLevel error
###################################################################
#
SSL configuration
#
#
# By default mod_jk is configured to collect SSL information from
# the apache environment and send it to the Tomcat workers. The
# problem is that there are many SSL solutions for Apache and as
# a result the environment variable names may change.
#
# The following (commented out) JK related SSL configuration
# can be used to customize mod_jk's SSL behaviour.
#
# Should mod_jk send SSL information to Tomcat (default is On)
# JkExtractSSL Off
#
# What is the indicator for SSL (default is HTTPS)
# JkHTTPSIndicator HTTPS
#
# What is the indicator for SSL session (default is SSL_SESSION_ID)
# JkSESSIONIndicator SSL_SESSION_ID
#
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
# JkCIPHERIndicator SSL_CIPHER
#
# What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT)
# JkCERTSIndicator SSL_CLIENT_CERT
#
#
#
###################################################################
#
# Root context mounts for Tomcat
#
#JkMount /example/*.jsp ajp13
#JkMount /example/servlet/* ajp13
JKMount /sm7/* ajp13
17
JKMount /sm7ssl/* ajp13
#########################################################
# Auto configuration for the /sm7 webapps context starts.
#########################################################
#
# The following line makes apache aware of the location of the /sm7 webapps context
#
Alias /sm7 "<Tomcat root install dir>/webapps/sm7"
<Directory "<Tomcat root install dir>/webapps/sm7">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
#
# The following line prohibits users from directly accessing WEB-INF
#
<Location "/sm7/WEB-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. On Windows, Location doesn't work unless case matches
#
<Directory "<Tomcat root install dir>/webapps/sm7/WEB-INF/">
AllowOverride None
deny from all
</Directory>
#
# The following line prohibits users from directly accessing META-INF
#
<Location "/sm7/META-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. On Windows, Location doesn't work unless case matches
#
<Directory "<Tomcat root install dir>/webapps/sm7/META-INF/">
AllowOverride None
18
deny from all
</Directory>
#######################################################
# Auto configuration for the /sm7 webapps context ends.
#######################################################
#########################################################
# Auto configuration for the /sm7ssl webapps context starts.
#########################################################
#
# The following line makes apache aware of the location of the /sm7ssl webapps context
#
Alias /sm7ssl "<Tomcat root install dir>/webapps/sm7ssl"
<Directory "<Tomcat root install dir>/webapps/sm7ssl">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
#
# The following line prohibits users from directly accessing WEB-INF
#
<Location "/sm7ssl/WEB-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. On Windows, Location doesn't work unless case matches
#
<Directory "<Tomcat root install dir>/webapps/sm7ssl/WEB-INF/">
AllowOverride None
deny from all
</Directory>
#
# The following line prohibits users from directly accessing META-INF
#
<Location "/sm7ssl/META-INF/">
AllowOverride None
deny from all
</Location>
19
#
# Use Directory too. On Windows, Location doesn't work unless case matches
#
<Directory "<Tomcat root install dir>/webapps/sm7ssl/META-INF/">
AllowOverride None
deny from all
</Directory>
#######################################################
# Auto configuration for the /sm7ssl webapps context ends.
#######################################################
###########################################################
 In the mod_jk.conf file replace the string <Tomcat root install dir> with the
actual Tomcat root installation directory and save the file, and close it.
 In the \conf directory of Apache http server installation, create a text file
with the name “workers.properties” and open the file in a text editor and copy the contents here
below into the workers.properties file:
###########################################################
#################################################################################
#
# $Header: /home/cvs/jakarta-tomcat/src/etc/Attic/workers.properties,v 1.3.2.2
# 2000/10/16 01:59:22 larryi Exp $
# $Revision: 1.3.2.2 $
# $Date: 2000/10/16 01:59:22 $
#
#################################################################################
#
# workers.properties #
# This file provides jk derived plugins with with the needed information to
# connect to the different tomcat workers.
#
# As a general note, the characters $( and ) are used internally to define
# macros. Do not use them in your own configuration!!!
#
# Whenever you see a set of lines such as:
# x=value
# y=$(x)\something
#
# the final value for y will be value\something
#
# Normaly all you will need to modify is the first properties, i.e.
# workers.tomcat_home, workers.java_home and ps. Most of the configuration
# is derived from these.
20
#
# When you are done updating workers.tomcat_home, workers.java_home and ps
# you should have 3 workers configured:
#
# - An ajp13 worker that connects to localhost:8009
# - A jni inprocess worker.
# - A load balancer worker
#
# However by default the plugins will only use the ajp12 worker. To have
# the plugins use other workers you should modify the worker.list property.
#
#
#
# workers.tomcat_home should point to the location where you
# installed tomcat. This is where you have your conf, webapps and lib
# directories.
#
#Apache Tomcat installation dir #
workers.tomcat_home="<Tomcat root install dir>"
#
# workers.java_home should point to your Java JDK installation. Normally
# you should have a bin and lib directories beneath it.
#
#Java JDK install dir #
workers.java_home="<Java JDK install dir>"
#
# You should configure your environment slash... ps=\ on NT and / on UNIX
# and maybe something different elsewhere.
#
ps=\
# ps=/
#
#------ ADVANCED MODE -----------------------------------------------#--------------------------------------------------------------------#
#
#------ DEFAULT WORKER LIST -----------------------------------------#--------------------------------------------------------------------#
#
# The workers that your plugins should create and work with
#
21
worker.list=ajp13
#
#------ DEFAULT ajp13 WORKER DEFINITION -----------------------------#--------------------------------------------------------------------#
#
# Defining a worker named ajp13 and of type ajp13
# Note that the name and the type do not have to match.
#
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
#
# Specifies the load balance factor when used with
# a load balancing worker.
# Note:
# ----> lbfactor must be > 0
# ----> Low lbfactor means less work done by the worker.
worker.ajp13.lbfactor=1
#
# Specify the size of the open connection cache.
#worker.ajp13.cachesize
#
#------ DEFAULT LOAD BALANCER WORKER DEFINITION ---------------------#--------------------------------------------------------------------#
#
# The loadbalancer (type lb) workers perform wighted round-robin
# load balancing with sticky sessions.
# Note:
# ----> If a worker dies, the load balancer will check its state
#
once in a while. Until then all work is redirected to peer
#
workers.
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=ajp13
#
#------ DEFAULT JNI WORKER DEFINITION -------------------------------#--------------------------------------------------------------------#
22
#
# Defining a worker named inprocess and of type jni
# Note that the name and the type do not have to match.
#
worker.inprocess.type=jni
#
#------ CLASSPATH DEFINITION ----------------------------------------#--------------------------------------------------------------------#
#
# Additional class path components.
#
worker.inprocess.class_path=$(workers.catalina_home)$(ps)classes
#
# The XML parser provided with Tomcat
#
worker.inprocess.class_path=$(workers.catalina_home)$(ps)lib$(ps)jaxp.jar
worker.inprocess.class_path=$(workers.catalina_home)$(ps)lib$(ps)parser.jar
#
# Tomcat's implementation
#
worker.inprocess.class_path=$(workers.catalina_home)$(ps)lib$(ps)jasper.jar
worker.inprocess.class_path=$(workers.catalina_home)$(ps)lib$(ps)servlet.jar
worker.inprocess.class_path=$(workers.catalina_home)$(ps)lib$(ps)webserver.jar
#
# Javac as available from Java2SE
#
worker.inprocess.class_path=$(workers.java_home)$(ps)lib$(ps)tools.jar
#
# Setting the command line for tomcat
# Note: The cmd_line string may not contain spaces.
#
worker.inprocess.cmd_line=-config
worker.inprocess.cmd_line=$(workers.catalina_home)/conf/jni_server.xml
worker.inprocess.cmd_line=-home
worker.inprocess.cmd_line=$(workers.catalina_home)
#
# The JVM that we are about to use
#
# This is for Java2
23
#
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)bin$(ps)classic$(ps)jvm.dll
#
# And this is for jdk1.1.X
#
#worker.inprocess.jvm_lib=$(workers.java_home)$(ps)bin$(ps)javai.dll
#
#
# Setting the place for the stdout and stderr of tomcat
#
worker.inprocess.stdout=$(workers.catalina_home)$(ps)inprocess.stdout
worker.inprocess.stderr=$(workers.catalina_home)$(ps)inprocess.stderr
#
# Setting the tomcat.home Java property
#
worker.inprocess.sysprops=tomcat.home=$(workers.catalina_home)
#
# Java system properties
#
# worker.inprocess.sysprops=java.compiler=NONE
# worker.inprocess.sysprops=myprop=mypropvalue
#
# Additional path components.
#
# worker.inprocess.ld_path=d:$(ps)SQLLIB$(ps)bin
#
#
#------ URIWORKERMAP DEFINITION -------------------------------------#--------------------------------------------------------------------#
#
# URI worker map settings
#
# [uri:/example/servlet/*]
# info=Prefix mapping
# [uri:/example/*.jsp]
# info=Extension mapping
#
[uri:/sm7/servlet/*]
info=Prefix mapping
24
[uri:/sm7/*.jsp]
info=Extension mapping
[uri:/sm7/*.do]
info=Extension mapping
[uri:/sm7/attachments/*]
info=Extension mapping
[uri:/sm7/cwc/nav.menu]
info=Extension mapping
[uri:/sm7ssl/servlet/*]
info=Prefix mapping
[uri:/sm7ssl/*.jsp]
info=Extension mapping
[uri:/sm7ssl/*.do]
info=Extension mapping
[uri:/sm7ssl/attachments/*]
info=Extension mapping
[uri:/sm7ssl/cwc/nav.menu]
info=Extension mapping
###########################################################
 In the worker.properties file replace the string <Tomcat root install dir> with
the actual Tomcat root installation directory and replace the string <Java JDK install dir> with the
actual Java JDK installation directory. Save the file and close it.
 In the \conf directory of the Apache http server installation, open the
httpd.conf file in a text editor and add the following parameters at the bottom :
### Tomcat 5.0 Connector ####
#
# All parameters that are to be loaded for mod_jk can be found
# in mod_jk.conf. But they can also be defined here.
include conf/mod_jk.conf
save the file and close it,
- go to the \conf directory of the Tomcat installation folder, and open the
server.xml file in a text editor, and change the following line :
<Connector port="8009"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />
into
25
<Connector port="8009"
enableLookups="false" tomcatAuthentication="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />

Save the file and close it.
Step 13: Installing the mod_auth_sspi module and configuring it
 Open the mod_auth_sspi .zip file and from the \bin directory extract the
mod_auth_sspi.so to the \modules directory of the Apache http server installation.
 In the \conf directory of the Apache http server installation, open the
httpd.conf file in a text editor and add the following parameters at the bottom :
### SspiAuth Module ###
LoadModule sspi_auth_module modules/mod_auth_sspi.so
<Location "/sm7ssl">
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthType SSPI
SSPIAuth On
SSPIDomain <MYDOMAIN>
SSPIAuthoritative On
SSPIOfferBasic Off
SSPIPerRequestAuth On
require valid-user
</Location>

Replace the string <MYDOMAIN> with the name of the domain this machine is part of
 Go to the \bin directory of the Apache http server installation and start the
ApacheMonitor.exe program, this opens the Apache Service Monitor.
 Click on the Start ad verify that the Apache2.2 service is starting correctly
at the bottom of the window you should see all the loaded modules :
“ Apache/2.2.8 (Win32) mod_jk/1.2.26 mod_auth_sspi/1.0.4 “
Note: If the Apache Service Monitor is green, then Apache is correctly configured.
Step 14: Configuring Internet Explorer 6.x
26
 Start the Internet Explorer browser on the machine, on the menu bar click on
Tools and select Internet Options
 Select the Security tab, select the Local Intranet content zone, and click on
the Sites... button.
- Add the following address to the list of trusted web sites : http://<Fully Qualified Domain
Name of this machine> by click on Advance button in the next screen.
27
Add the below entire
Note: Make sure that the "Require server verification (https:) for all site in this
zone" option is not selected.
 On the Security tab page, select the Local Intranet content zone, and click on
the Custom Level... button.
28
- At the bottom on the User Authentication Logon section, select the following
option : Automatic logon with current username and password.
Step 15: Testing the Trusted Sign-on Web client
29
 Create a web page shortcut that points to : http://<Fully Qualified Domain Name of this
machine>/sm7/index.do and test to see that the normal web client is running via the Apache http
server.
Note : If everything works, you should see the login page of Service Manager 7.0x,
 Create a web page shortcut that points to : http://<Fully Qualified Domain Name of this
machine>/sm7ssl/index.do and test to see that the Trusted Sign-on web client is running via the
Apache http server.
Note: if everything works, you should log in automatically, and see the To Do Queue
of Service Manager 7
30