Configuring the Presentation Server to use HTTP
By default, Remedy Single Sign-On (Remedy SSO) and TrueSight Presentation Server are installed in HTTPS mode. If you want to change this to HTTP, modify the security settings both in Remedy SSO and TrueSight Presentation Server as explained in the following section:
To configure Remedy SSO to use HTTP
Do the following:
- Log in to the Remedy SSO host computer, and navigate to the following directory:
- (Windows): <installationDirectory>\rsso\tomcat\conf
- (Linux): <installationDirectory>/rsso/tomcat/conf
Edit the web.xml file, comment the following part, and save the file:
The commented code lines:
<!--
<security-constraint><web-resource-collection>
<web-resource-name>Secure context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
-->
Edit the server.xml file, delete the
redirectPort
parameter from the following code line, and save the file:The code line after deleting the
redirectPort
parameter:<Connector connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="2048" port="8088" protocol="HTTP/1.1"/>
- Navigate to the <Remedy SSO Installation Directory>\rsso\bin directory, and restart the Remedy SSO server by running the following command:
- (Windows)
rsso.bat server start
- (Linux) ./
rsso server start
- (Windows)
To configure TrueSight Presentation Server to enable HTTP mode
Do the following:
Note
The TrueOps mobile app requires the HTTPS mode for access. If you configure the TrueSight Presentation Server for HTTP mode, you cannot use the TrueOps mobile app.
Log in to the Presentation Server host computer, and navigate to the following directory:
- (Windows): <Presentation Server installation directory>\truesightpserver\modules\tomcat\conf
- (Linux): <Presentation Server installation directory>/truesightpserver/modules/tomcat/conf
In a text editor, edit the \web.xml file and comment out the
security-constraint
section so that it reads as follows:<!--
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
-->
- In a text editor, edit the <Presentation Server installation directory>\truesightpserver\modules\tomcat\conf\server.xml file:
Modify the following line:
<Connector connectionTimeout="20000" enableLookups="false" port="80" protocol="HTTP/1.1" redirectPort="443"/>
Then, remove the redirectPort information and copy the compressableMimeType, compression, and compressionMinSize property information from the HTTPS connector so that it reads as follows:
<Connector connectionTimeout="20000" enableLookups="false" port="80" protocol="HTTP/1.1" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json" compression="on" compressionMinSize="1024" />
Note
The default port for Windows is 80 and Linux is 8080. If you specified a custom port during installation, enter that port number instead.
Comment out the following line so that it reads as follows:
<!-- <Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,
TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,
TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"
clientAuth="false" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json" compression="on" compressionMinSize="1024" keystoreFile="C:/Program Files/BMC Software/TrueSightPServer/truesightpserver/conf/secure/loginvault.ks" keystorePass="changeit" maxThreads="150" port="4435" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLSv1.2" useServerCipherSuitesOrder="true"/>
-->
From the <Presentation Server installation directory>\truesightpserver\truesightpserver\bin folder, use a command prompt to run the following commands:
tssh properties set tspsPreferredWebServiceProtocol http
tssh properties set tsps.xsrf.cookie.secure false
If you want to use the TrueSight console to deploy and install packages on a PATROL Agent, from the <Presentation Server installation directory>\truesightpserver\truesightpserver\bin folder, use a command prompt to run the following command:
tssh properties set server.port.websrv.protocol http
- (Fresh installation only) In a text editor, edit the <Presentation Server installation directory>\truesightpserver\conf\ha\ha.conf file and add the following line:
ha.server.protocol=http
- Restart the TrueSight Presentation Server.
On each Infrastructure Management server connected to the TrueSight Presentation Server, set the following properties In the <Infrastructure Management installation directory>\pw\custom\conf\pronet.conf file:
tsps.tsim.http.enabled=true
pronet.xsrf.token.secure=false
- On each Infrastructure Management server, reload the newly updated properties of the Infrastructure Management server running the
pw
jproperties reload
command.
Comments
Log in or register to comment.