search cancel

Change the OpenAPI redirect to Performance Center SSO service

book

Article ID: 145980

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

When logging into the Data Aggregator Odata OpenAPI Query Builder web UI the log in request is redirected to the Performance Center SSO service for user authentication.

The redirect goes to the IP address of the Performance Center server. How can we change this to point to the host name of the server?

Environment

All supported Performance Management releases

Cause

The current redirect goes to the Performance Center server IP address. Site requirements demand use of host name.

Resolution

The IP or Host Name used by the Data Aggregator (DA) for user authentication against the Performance Center SSO service for OpenAPI access is passed to it from Performance Center (PC).

We can see the value in the PC server via the SsoConfig command. It's the 'Web Service Host' value seen by taking the following steps:
  1. Open a terminal to the PC server.
  2. Go to (default path) /opt/CA/PerformanceCenter.
  3. Run the command:
    • ./SsoConfig
  4. Enter option 1. for Performance Center.
  5. Enter option 3. for Performance Center.
  6. The 'Web Service Host' entry is the one the DA uses.
To change the value to a different one, starting at step 5 above:
  1. Enter 1. for Remote Value.
  2. Select to update option 2. for 'Web Service Host'
  3. Enter the new value we want to set
  4. Choose to Update it.
  5. Set the value.
We can see the value currently set on the DA for use at the following URL. It's found in the <NpcHostName> value. Use this to check current value, and to confirm when the update is made to change it to the new value.


Once the change is made via the SsoConfig command we need to wait for both a Global Sync in PC, and an Incremental DA Sync, before seeing the <NpcHostName> entry get changed on the DA.

Additional Information

Notes:

  • Can use a valid route-able and resolvable value for the PC host for 'Web Service Host' value. Can use:
    • IP address
    • Short Host Name
    • Long Host Name, aka FQHN or FQDN
  • The DA must be able to resolve the new value set, whether using IP, short or long host name, so it can validate odata credentials via direct api calls.
    • Without this those scripted API calls we saw posting to the Odata log will start failing.
  • It's critical to make sure /etc/hosts or DNS on DA can resolve to the internal IP of PC.
  • The end user must also be able to resolve the value used from their local desktop.
    • It must be able to reach the SSO service to authenticate their user log in.