> Expert > End User Access > Web Console > Administrators > Authentication > CAS Integration

Enabling Single Sign-On with CAS for Huawei FusionCloud

You can enable single sign-on for Huawei FusionCloud users.

Before You Begin

  • Gather the following information:

    • The URL of the CAS server for your Huawei FusionCloud deployment.

    • The URL of the Huawei FusionCloud API that returns user information.

    • The URL of your Web Console.

    • The IP address of your Web Console client.

  • You must have access to the ManageOne platform for your Huawei FusionCloud deployment.

  • You must be able to log in to the CommServe commputer and run qscripts from the command line interface. For more information, see QScripts on the Command Line.

Procedure

Perform all of the following tasks from your CommServe computer.

Add Huawei FusionCloud as a Third-Party App in Your CommCell Environment

  1. Download the XML template file for adding the third-party application.

  2. In the XML template file, enter the value attribute of each <nameValues> tag with the appropriate value for your environment:

     
    ...
<props> <nameValues name="casServerUrl" value="cas_server_url_value" /> <nameValues name="manageOnePortal" value="manage_one_portal_value" /> <nameValues name="serviceUrl" value="service_url_value" />
</props>
...

    where:

    • cas_server_url_value is the URL of the CAS server for your Huawei FusionCloud deployment

    • manage_one_portal_value is the URL of the Huawei FusionCloud API that returns user information (such as https://api_ip_address:port)

    • service_url_value is the URL of your Web Console (such as https://web_server_url/webconsole)

  3. Open a Command Prompt window, log in to the CommServe host with qlogin, and then run qoperation execute as follows:

     
    software_installation_directory\Base>qlogin
Enter User Name: username
Password: password
User logged in successfully
     
    software_installation_directory\Base>qoperation execute -af "xml_input_file_path"

    where:

    • software_installation_directory is the path to the Commvault software on your computer (for example, C:\Program Files\Commvault\ContentStore)

    • username and password are the CommCell credentials

    • xml_input_file_path is the path to your XML input file.

Add the Web Console Client IP Address to the ManageOne Whitelist

  1. Open the ManageOne deployment platform in a web browser.

  2. For the MOLoginAgentWebsite environment and the IAMAuthWebsite microservice, deploy and add the IP address of the Web Console client to the TRUSTED_IP parameter.

    For more information, refer to the Huawei documentation.

Export a Certificate for FusionCloud

  1. In your web browser, go to the URL of the Huawei FusionCloud API that returns user information.

    Note

    The URL is the same as the manage_one_portal_value attribute in the XML input file.

    A warning dialog box appears.

  2. Click Certificate (Invalid).

    The Certificate dialog box appears.

  3. Click the Details tab, and then click Copy to File.

    The Certificate Export Wizard dialog box appears.

  4. Click Next.

    The Export File Format page appears.

  5. Select Base-64 encoded x.509(.CER), and then click Next.

    The File to Export page appears.

  6. In the File name box, enter a name for the file, and then click Next.

    The Completing the Certificate Export Wizard page appears.

  7. Click Finish.

Import the FusionCloud Certificate to Your CommCell Environment

  1. Open a Command Prompt window and go to software_installation_directory\CVJRE\lib\security.

  2. Run the following command:

    keytool -import -alias alias_name -keystore cacerts -trustcacerts -file "path_to_certificate_file"

    where:

    • alias_name is the unique key used to identify the certificate

    • path_to_certificate_file is the path to the file that you exported using the Certificate Export Wizard

Loading...