HPE Software Products: Cloud Service Automation Practitioners Forum
Share |

Handling Mulitple Transaction in HPE OO from HPE CSAOpen in a New Window

Dear Experts,

We have designed a service offering for VMWare to provision servers. The user can request mulitple servers in a single offer. when he does so for example if the user request 3 servers we see that CSA is calling the underlying workflow 3 times at the same time. Is there any mechanism within CSA or OO using which we can call the underlying oo workflow with some time difference or the better solution will be to issue the 2nd request when the first is completed and so on.

Hope to hear from you soon. 

we are using csa 4.8 and OO 10.70



Software Content on HPE Enterprise Community in Read-Only May 9 - 15Open in a New Window

Software Content on HPE Enterprise Community in Read-Only May 9 - 15

As you may have seen in the last few months, Hewlett Packard Enterprise is combining some software assets with Micro Focus. As part of this spin-merge with Micro Focus, a new Software instance of an online community will go live on May 16, 2017.

All boards within the current Software category will be located to a new community. All URLs will redirect to the new community. All current users will be migrated to the new community as well. Please be sure to update your bookmarks after May 16.

As part of the migration to a new Software instance, all software content will be in read-only mode from May 9 – 15. We apologize for any inconvenience.

We will continue to provide further updates in this News board.


HP Codar 1.0.0 Version trial download linkOpen in a New Window

HP Codar 1.0.0 Version trial download link


CSA Integration with Service Now for ApprovalsOpen in a New Window


    What is the best way to have Service Now as approval mechanism for CSA catalog service requests?

The customer requirement is that, once the CSA user initiates a subscription from catalog, before executing the OO flow, a service incident needs to be created in ServiceNow (which is an approval request). Once the request is approved in ServiceNow, the OO flow can kick start the actual workflow.

We have figured out the way to create a service incident in Service NOW using REST API from OO. And may be we can retrieve the status of the request by polling.

But how can such a workflow be implemented in the context of CSA + OO?

Any recommendations appreciated.


May 23rd: CSA Online Expert day !Open in a New Window


Hello Everyone,

Cloud Service Automation  is hosting an Online Expert Day on May 23rd, 2017! Mark this on your calendars!


If you are a customer with a support contract, then we would like to invite you to join us Cloud Service Automation Support Customer Forum on May 23rd, when HPE product Experts will be online for 24 hours to answer any questions regarding:

Any topic

Event start time: May 22nd at 5:00 PM Pacific Daylight Time / 8:00 PM Eastern DaylightTime   / 0:00 AM Greenwich Mean Time (February 23rd)

Event end time: May 23rd at 5:00 PM Pacific Daylight Time / 7:00 PM Eastern Daylight Time / 0:00 AM Greenwich Mean Time (February  24th)


What is an Online Expert Day?

Online Expert Day is an event when HPE product, R&D, and Support team members and other employees join our online forums to answer your toughest technical questions. Online Expert Days give you a chance to talk directly with the HPE Experts!


How does the Online Expert Day event work?

HPE Experts will be online for 24 hours in the forum and will do their best to answer your questions. They may need to get some more information from you so please check the box "email me when someone replies". An online conversation will be born!


To participate, you do need access to the Cloud Service Automation Support Customer Forum if you don’t have access, please add your Support Agreement ID (SAID) to your HPE Passport profile and log in again.


To check this please do the following:
•Go to: https://softwaresupport.hpe.com/group/softwaresupport/settings
•Login using your HPE Passport credentials
•Check to see if your SAID is listed and active. This is important.
•If not, please add it


If you have a valid support contract and are still experiencing issues afyer checking it or adding it, please send an email to swcommunity@hpe.com .

For more information on our Support Customer Forums and how to add your Support Agreement ID (SAID) to your HPE Passport profile, please click here

For upcoming Online Expert Days, please bookmark the HP Software Online Support Services - Forum events page.

If you have questions regarding the Online Expert Day event, please reply to this message.

We look forward to your attendance and your questions!


HPE Software


No ProcessDefinitionTool in Codar 1.80 [HPE_Codar_1.80_Linux_MLU_H7068-15009.zip Install]Open in a New Window

Hi All,

I'm new with codar, so installed with embedded OO and Postgresql on a ubuntu system.

all seems to be working fine in front-ends (even if some errors occure and restart in right order must be done of components as codar, central and designer).

I can develop my flows in studio, import content packs in central, but how do I get them in codar (csa)

in my installation under codar/Tools there is no "ProcessDefinitionTool " directory.


thanks in advance


I need help regarding HPE CODAR insatallation on windowsOpen in a New Window

Hello everyone,

Today i tried to install HPE CODAR on my windows and after installtion some error occurs :error while installtion completederror while installtion completed

Here, the error according to log is given below:

install_error.loginstall_error.logWhen i tried to access the console with : https://localhost:8444/csa  ,  i go error like: Capture.JPG


 Please help me how to solve this problem. If you need need any information regarding installables then please ask me, hope i will get best solution here.

Thanks & Regards,

A. Ranjan









[CSA 4.6] Dynamic Dropdown for subscription actionsOpen in a New Window


We have a use case where a subscription is bound to a VM, The VM is added to a backup system and we have a dynamic script which can list the restore points for that VM from the backup system. We would like to present the dynamic dropdown of restore points to the customer via subscription actions, so they can choose a restore point to apply to their subscription. this would then trigger a flow to overwrite the existing vm with the selected restore point.

I can see that there is the provision for Actions to take parameter input (via the API) but so far have not found any references in documentation on the capabilities of this functionality.

Is this something that can be done?


Custom Validation for Input StringOpen in a New Window


I am using HP CSA 4.50.
I am trying to implement something which seems challenging.
I want to validate an input string on the MPP via a script to inform that it is unique and can be used.
Because I will use that string for creating a fqdn. I think to do it via a REST call or DNS query if possible.
There is a functionality for dynamic lists, I can run a script when a user clicks an offering.
I would like to ask that, is there any possibility to use a similar functionality for validation?
As the user enter new characters, script will run and it will return true or false according to the result of the script. By the way the text box will be red if that string exists.



Dynamic List Refresh Timeout for OfferingOpen in a New Window


I am using HP CSA 4.50.
I using dynamic list for a property. The list contains company names selected on MPP .
I have added a new jsp , which is getting the list from a remote server over HTTP GET and returns as XML.
I have published that offering on MPP.
When a MPP user clicks on that offering, the property which contains dynamic list is loaded from the remote server with the company names.
But then when the user returns the home page of the MPP and then clicks on that offering again this time list is not loaded from remote server.
I think a list returns which is holding on CSA cache.
But a couple of miutes later I can see the updated list on the next try, because CSA asking the list from remote server.
I guess there is a timeout for this. I have looked at the documents related with this and also Apendix A, but could not find information.

Could you please inform me what is the value of the timeout for this?



Best way to execute a process definition on subscription failure?Open in a New Window

Hi all,

I am trying to build a design in CSA v.4.5, which could be able to execute a certain flow on subscription failure. I wanted to consult with you on what would be the best way to achieve it? I will give an use case example to clarify my needs.

I have a design that deploys a vSphere VM, based on the OOTB design of vSphere VM deployment, but with additional resource offerings I created that configure the machine. The main resource offerings that do the deployment tasks are configured on the Server component. Some of the resource offerings are configured to terminate the subscription if the flows that are executed by the resource offerings fail. What I want is, if one of these flows fail and a subscription is terminated, to execute another flow, that possibly takes the error code and some properties that are defined on the Server component in the design, and execute a number of defined tasks (such as sending an Email, moving some files on a defined location etc).

Please advise on what would be the best way to approach this, hopefully without changing the flows in OO.



Trouble retrieving X-Auth token for CSA Consumption APIOpen in a New Window

I'm using the Usage of REST API’s in CSA 4.1 guide to attempt to retrieve the X-Auth-token that I need for subsequent calls. The instructions seem simple enough but I'm having trouble receiving the token. I may not be using the correct information in the JSON payload.

Generate X-Auth token for REST transactions
All consumption rest calls needs to include X-Auth-token as http header variable to authorize with CSA. The following
provides the steps to fetch auth token from CSA IDM server. Also this section provides the http headers that are required
for every CSA4.x consumption REST call hereafter.
Content-Type application/json
REST URL https://<CSAFQDN>:<port>/idm-service/v2.0/tokens
Payload {
"passwordCredentials" : {
"username" : "consumer",
"password" : "cloud"
"tenantName" : "CSA_CONSUMER"
Response Id(X-Auth-token): as highlighted in the Figure below


I'm using SOAP UI on a server hosting CSA. I also included my integration user account in the Authorization header so I can confirm I am allowed to make the call.


"passwordCredentials" : {
"username" : "admin",
"password" : "pass123"
"tenantName" : "CSA_CONSUMER"

I'm getting a Bad Credentials error:



<body>Bad credentials</body>

The username and password are correct but perhaps the payload is not expecting the same user as the one on the integration account list? Maybe my tenant name is incorrect? What is the tenant name exactly?

What should I do?



Provider Type and Active DirectoryOpen in a New Window


I begin with CSA and OO so, I have a lot of questions this week.

I understand how use provider and provider type in CSA. By example, we define our Vcenter with the provider type "VMware Vcenter" and we can use it on all workflows in OO. If the vcenter change, I juste modify parameter from the provider Vcenter in CSA.

So, I want to do the same thing with other provider type which are not defined by default in CSA. I want to register an Active Directory Provider type but firstly I don't know if it's possible ans secondly, I don't know which URL I have to put in provider type. I try ldap://fqdn:389, is it ok ?



Problem When Deleting Component From Topology DesignOpen in a New Window


I am using HP 4.50 .

I have a desing which includes a  topology component assigned from Designer Tab .

I have created an offering based on that and several services with that design from BYP. Then I have undeployed services (there is no garbage behind) . I have removed offering.

Then, when I want to delete the component from Designer tab, I receive below error. Could you please help me what may cause this problem?

Error: failed to update the graph: Unable to modify read-only artifact 'KBK' (com.hp.ccue.common.options.dao.dao-exception:exception.dao.unable.to.modify.artifact)





[SOLVED] Certificate and HPE Operation OrchestrationOpen in a New Window


I follow this guide : "Operations Orchestration Software Version: 10.70 Windows and Linux Operating Systems OO User Guide".

I try to install certificate to not have warning certificate on my web browser with the OO homepage. I don't understand step 4 from chapter Replacing the Central TLS Server Certificate (p. 322). I understand that I convert a .cer certificate (or .pem) in a PKCS12 format. However, I don't know what the private key "inkey" is. Where can I find it please ? How did it generate ? I don't know what is name in the same command.

The command : openssl pkcs12 –export –in <cert.pem> -inkey <.key> -out <certificatename>.p12 –name <name>



Edit : Finally, I didn't follow the guide. I reproduce about the same procedure that in CSA guide.

I delete the alais tomcat from the store key.store :

keytool.exe -delete -alias tomcat -keystore e:\HPE-OO\central\var\security\key.store

I generate a keypair with keytool :

keytool.exe -genkeypair -alias tomcat -validity 1825 -keyalg rsa -keysize 2048 -keystore e:\HPE-OO\central\var\security\key.store

I generate a CSR for my internal authority :

keytool.exe -certreq -alias tomcat -file e:\Certificat\tomcat_csr.txt -keystore e:\HPE-OO\central\var\security\key.store

I download the CER certificate from my authority in answer to the CSR demand. I download th eroot certificate authority too.

I import the twice in my keystore with beginning by the root certificate :

keytool.exe -importcert -alias root -file e:\Certificat\oorootca.cer -trustcacerts -keystore e:\HPE-OO\central\var\security\key.store

Start OO Central

NB : Previously, I added too the root certificat ine the store client.trustore

keytool.exe -importcert -alias oorootca -keystore e:\HPE-OO\central\var\security\client.truststore -file e:\Certificat\oorootca.cer




I follow instructions from the 4.70 CSA Configuration Guide for install certificates on my server. I follow this :

  • Configure CSA to Use an Internal Certificate Authority-Signed Certificate

For the CSA portal, it works fine, I haven't ths certificates warning message with my browser.

For MPP, it crashes. I haven't the certificate warning message but I have this (with a an image like a lightning) :

Service non disponible.

Une erreur s´est produite lors de la connexion au service. Veuillez réessayer ultérieurement.

In English : Service unavailable. Error during service connection. Try again later.

When I look logs messages from HPE-CSA-HOME/portal/logs, I find :

{"level":"error","message":"Error retrieving organization CONSUMER 503 Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN\n    at Request.onRequestResponse (E:\\HPE-CSA\\portal\\node_modules\\mpp-server\\node_modules\\request\\request.js:890:24)\n    at ClientRequest.emit (events.js:107:17)\n    at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:426:21)\n    at HTTPParser.parserOnHeadersComplete (_http_common.js:111:23)\n    at TLSSocket.socketOnData (_http_client.js:317:20)\n    at TLSSocket.emit (events.js:107:17)\n    at readableAddChunk (_stream_readable.js:163:16)\n    at TLSSocket.Readable.push (_stream_readable.js:126:10)\n    at TCP.onread (net.js:540:20)","timestamp":"22 Mar 2017 03:44:58,715"}

I don't know where is the origin of this error.

An extract of my mpp.json (I erase some private informations) :

  "provider": {
    "url": "https://FQDN:8444",
    "contextPath": "/csa/api/mpp",
    "strictSSL": true,
    "TLSVersions": "1.2",
    "ca": "HPE-CSA-HOME/certificates/csa_ca_signed.cer"
  "idmProvider": {
    "url": "https://FQDN:8444",
    "returnUrl": "https://FQDN:8089",
    "contextPath": "/idm-service",
    "username": "idmTransportUser",
    "password": "ENC(XXX)",
    "strictSSL": true,
    "TLSVersions": "1.2",
    "ca": "HPE-CSA-HOME/certificates/csa_ca_signed.cer"
  "https": {
    "enabled": true,
    "options": {
      "pfx": "HPE-CSA-HOME/portal/conf/.mppkeystore_ca_signed",
      "passphrase": "ENC(XXX)",


It's not my passphrase because when I try a false password, I have the certificate warning on my browser.

Can you help me please ?



CSA SAML Integration Example, Need SupportOpen in a New Window

Dear Team,

we are trying to do SAML integration, we have followed Configuration guide CSA 4.8 starting from Page 254.,

we have created first Rule #1 257  as it's mentioned, i have concern for outgoing Claim , as since we try to access CSA through SAML it give access denied.


c:[Type ==


Issuer == "AD AUTHORITY"]=> issue(store = "Active Directory", types =

("Group"), query = ";tokenGroups;{0}", param = c.Value);


we even tried with Rule#2 , 258 Step 9 -

For the LDAP attribute, select Token-Groups – Unqualified Names  >>> is that suppoed to be mapped to outgoing to anything ?!

I have to say that we see that documentation is confusing in that part, at least it should give sample configuration for that area.


Did anyone done that integration before?



Cannot retrieve Subscriptions from CSA REST APIOpen in a New Window

I'm trying to retrieve Subscriptions from a Subscriber, following this guide: http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=5271084&docLocale=en_US&docId=emr_na-c04220392. I'm using SoapUI 5.0.3 to test the responses.


Unfortunately, my call keeps timing out. Would this be because there are a large number of subscriptions per subscriber? I set the timeout limit to maximum but nothing is ever returned.

My call is formed like this:


Is there a way to limit the query to only return 1 subscription, so that the request doesn't time out? Or is my call not formed correctly?


Problem When Login to MPP with Email AdressOpen in a New Window


We are using HP CSA 4.50.
We are using Ldap for authenticating users and we had decided using email instead of username while logging to MPP.
For this, we have changed Organization's LDAP "User Search Filter" area to mail={0} .
User can successfully login to MPP create services.
But, when a consumer organization administrator wants to check a user's subscriptions from MPP, user receives error written in mpp log :

"messageKey":"Svr.mppUserNotInSession","description":"Cannot get current user in session. Check that X-Auth-Token is valid.","httpStatusCode":403,"level":"error","message":"Error retrieving subscription list 403","timestamp":"15 Mar 2017 10:06:52,058"

I have digged in to a little bit the mpp ui code and saw that email address encoded for POST uri. Because it contains @ sign, I guess it is encoded twice while sending this to CSA.

I want to ask that is this a BUG or you do not consider that username contains @ sign?

Could you give an urgent answer as this is an importan problem for our production? Otherwise we will switch using regular usernames.



CSA - HPE CSA Remote Console Minimum resource RequirementsOpen in a New Window

Hi all

Please let me know minimum resource requirements for "HPE CSA Remote Console"



Contact Us

Vivit Worldwide
P.O. Box 18510
Boulder, CO 80308

Email: info@vivit-worldwide.org


Vivit's mission is to serve
the Hewlett Packard
Enterprise User
Community through
Advocacy, Community,
and Education.