WLC CT-5508-HA-K9 HA SSO or HA N+1 with Pi 1.2

Similar Messages

• Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license.

  Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license. I want to deploy the AP in the same location.

  Go HERE:  https://supportforums.cisco.com/discussion/12219106/high-availibility-2500

• SSO Enabling a custom application with OAM

  Hi All !
  Am a bit stuck on a problem and need some urgent help. Actually we are trying to launch some custom-built (J2EE/.NET) web applications from the Oracle Portal with SSO i.e. once the user logs into the portal he would not have to log-in again to the applications which would be launched from the portal home page.
  We have successfully integrated the Oracle Portal with the OAM SSO, but facing some problems with SSO enabling the custom applications. Any help on what should be the ideal integration architecture and approach for SSO enabling the apps with minimum amount of modification of the application code.
  The licenses are available for OID, OVD, OAM.
  Thanks in advance. Any views/comments/links to useful material appreciated.
  Cheers
  Soumak

  If your custom application uses its own database for Authentication, then you have to modify the login process for your application. i.e. you have to trust the OAM to have done the authentication and then create any custom cookie that your application might use in its landing page.
  I am assuming that your custom application have some way of tracking if the user has logged in or not. You can protect the Custom application URL within OAM and once the user has logged in you can then generate your custom application cookie.
  Even if you use OVD, you stil have to modify login process in your custom appliation to trust the third party to have done the authentication.
  Thanks
  Ram

• SSO Configuration : Dual Stack Installation with same SID

  Dear SDN users
  We upgraded our BW system to 2004s with  Java add-in installation. We used same SID for ABAP and Java stacks. I could not find a good document to configure SSO between ABAP and JAVA with same SID installation. I would appreciate if you can provide a link to the document or give me sequence of steps to be executed.
  I am aware of note 917950 and 888687.
  Thanks in Advance
  V Reddy

  Chetan
  We are done with upgrade. Currently we are using SSO with UIDPW. I would like to configure SSO using certificates..
  If I remember correctly instguides suggest to run template installer. I did use template installer but it fails in some steps as we have same SID for ABAP and Java. I manually configured all the steps using instructions from " SAP Nw2004s BEx WEb System Landscapes" published by Tobias Kaugmann. Still no luck.

• SSO to BSP using NTLM with application parameters

  Hi all,
  As part of the CRM activity, the customer's system sends out an email to a user with a link pointing to a bsp. Part of the url is the call id which the bsp needs to display.
  The customer does not wish for the users to input user/pass when accessing the bsp.
  According to documentation, NetWeaver supports only SAP logon tickets and X.509 SSO methods(http://help.sap.com/saphelp_nw04/helpdata/en/02/
  d4d53aa8a9324de10000000a114084/content.htm).
  Found this thread that suggest a workaround:
  BSP without logon?
  Seems like it should work, but ITS forwards to a static URL.
  Any ideas on how I can make sure that after the whole sso process is complete, the bsp will still remember which call-id it needs to display?
  Regards,
  Eric

  The goal is to have the changes made inside the bsp recorded to the logged in user. So one user for all is not applicable.
  After fiddlig around with the forwarding settings and the ITS, I managed to get this thing working. Almost.
  When I access the BSP url, it gets forwarded to and from the ITS and I get a SSO2 ticket. However, when it comes back from the ITS I get a http 404 error page. If I refresh that page, the BSP loads fine, with the transferred parameters and the correct user.
  Can't get my head around why it gives me a 404.
  Eric
  Message was edited by: Eric Labiner

• SSO protected Forms application fails with an OID error.

  Hello everyone,
  I have a fresh install of Oracle Application Server 10.1.2 on RedHat Enterprise Linux 4. No patches were installed yet.
  I've setup Forms to use the Single Sign-On server (SSO). Then created a user with a Resource Access Descriptor (RAD) in the Oracle Internet Directory (OID). I can successfully use the Forms application when I'm not using the SSO.
  However, problems arise when I set the Forms application to use SSO. Once I get authenticated, the application.log files fills up with the following lines:
  07/05/08 16:30:38 formsweb: In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
  07/05/08 16:30:38 formsweb: In doRequest method in ue.isNamingException
  07/05/08 16:30:38 formsweb: Redirecting to DAS to update the resviewer list
  07/05/08 16:30:38 formsweb: UserID is NULL redirecting to DAS
  07/05/08 16:30:38 formsweb: Forms Group DN"cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContext"
  07/05/08 16:30:38 formsweb: The DAS URL generated: http://osielle.notarius.com:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateResourceInfo?resKey=testrtm&resType=oracleDB&resViewer=%22cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext%22&doneURL=http%3A%2F%2Fosielle.notarius.com%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dtestrtm%26form%3Drtminit.fmx&cancelURL=http%3A%2F%2Fosielle.notarius.com
  While $ORACLE_HOME/ldap/log I see some new log files created which also contain erros. Such a log file is oidldapd01s3739.log and contains these lines:
  BEGIN
  2007/05/08:14:37:13 * ServerWorker (REG):7 * ConnID:194 * OpId:5235 * OpName:modify
  ERROR * gslsbzCheckDupAttrValinEntry : Normlztn failed for "cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContext"
  END
  I've RTFM a lot about this but I still can't find a way to fix this. I've found some info in Metalink Note 360341.1 "In Getuserid Method: Caught Error When Logging Into Forms With SSO Enabled". Unfortunately, my formsweb.cfg file is already setup as the workaround that it proposes, so that doesn't help.
  It seems like the attribute "orclresourceviewers" does not get created when the RAD is generated? One of you (Sandeep I believe) suggested that it may have to do with a lack of an OID Index and that I should use catalog.sh to fix this. I unfortunately don't know how to proceed.
  I've also opened a TAR, but Oracle Support doesn't seem to understand what's going on.
  Any ideas anyone?
  Many thanks,
  David

  Hi everyone,
  Alright, I solved the problem. It seems like the OID is very very very picky with the formsweb.cfg syntax. Especially with the quotes: don't use them!
  For example, I had set the oid_formsid & formsid_group_dn values between double-quotes. Removing them fixed the error.
  Here's an RCS output from the modifications.
  [[email protected]] server {1008}$ rcsdiff formsweb.cfg
  ===================================================================
  RCS file: RCS/formsweb.cfg,v
  retrieving revision 1.10
  diff -r1.10 formsweb.cfg
  208c208
  < oid_formsid="formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635"
  oid_formsid=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635214,215c214
  < # formsid_group_dn=%GROUP_DN%
  < formsid_group_dn="cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=Forms, cn=Products, cn=OracleContext"
  formsid_group_dn=cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContextHTH,
  David

• SSO to Crystal enterprise eportfolio with SAPLOGONTICKET

  Hi
  We have setup Crystal Enterprise V10 to SAP Authentication and we are able to connect to Crystal eportfolio with SSO from EP6SP2 app integrator based iview without any problem, by giving R/3 userid, password via usermapping.
  We have loaded verify.der from EP6SP2 in SAP R/3 and SAPLOGONTICKETS are working fine with other ESS iviews.
  However for the Crystal eportfolio app integrator based iview if we change the logon method from UIDPW to SAPLOGONTICKET we are  getting the login screen from Crystal eportfolio prompting for userid/password. 
  We have loaded verify.der in SAP R/3 and SAPLOGONTICKETS are working fine with other ESS iviews.
  These are our settings on the app integrator based iview in EP6SP2:
  URL template:
  <System.protocol>://<System.server><System.uri>?<Authentication>
  URL template fraction for SSO2:
  MYSAPSSO2=<Request.SSO2Ticket>
  URL template fraction for usermapping:
  usr=<MappedUser>&pwd=<MappedPassword>&aut=secSAPR3
  Required instance profile parameters on R/3 were set correctly, and all servers are referred with their FQDN.
  Did we miss anything else that is specific to Crystal eportfolio? Has anyone successfully connected to Crystal eportfolio V10 from EP6SP2 using SAPLOGONTICKETS ? Appreciate if someone can share their experience.
  Thanks
  Nagesh

  Hi Ingo
  Thanks for your response.
  1. URL that I am calling from inside the 'App Integrator' iview to access Crystal eportfolio is:
  Name of the server:
  <hostname>.<domain>.com
  Protocol of target system:
  HTTP
  URI of Web Application:
  /crystal/enterprise10/sap/ePortfolio/en/logon.csp
  URL template fraction for Single Sign-on (SSO2):
  MYSAPSSO2=<Request.SSO2Ticket>
  2. URL of the Portal:
  http://<portal_hostname>.<domain>.com
  In both the above URLs, the <DNS domain> is same.
  3. Log on to standalone eportfolio works perfect with 'SAP' Authentication.  SAP User can logon to eportfolio directly from the browser using SAP userid/password.
  For the above iview when SYSTEM is changed to UIDPW logon method it works perfect, and Portal user can get into crystal eportfolio from the app integrator based iview without any problem.
  Once the logon method ( SYSTEM property) for the above iview is changed to SAPLOGONMETHOD single sign-on is not working anymore and the user receives Crystal eportfolio login screen.
  Question is:
  a)  Can logon.csp file from Crystal handle SSO cookie coming from Portals and authenticate the user against SAP R/3, and let the user login successfully ??
  b) Is the URL template fraction for single sign-on (SSO2) given above is corrrect/complete?
  c) On support.businessobjects.com website I found that  this is a known problem for Crystal 8.5 with Track/Problem ID: ADAPT00094464 and fix was given via CE8.5 Service Pack-I.  Since we are running Crystal V10 I assume that this has been taken care of in the new release.  Is it not true? or is there seperate service pack for V10 too..?  Please let me know.
  Thanks in advance.
  Nagesh Seemakurty

• SSO to Non SAP Systems with SAPSSOEXT

  Hello,
  i have a Problem with the SAPSSOext Librarys.
  I write a small Programm that uses this librarys, but it wont work. So i try to Use the example, but the Example also not works.
  I DO:
  - Download SAPSSOEXT_0-10002921.zip, unzip it and Put the DLLs into /windows/system32
  - Download SECULIB54_XXXX.sar, unsar it and Put the containing files into /windows/system32
  Then i open an Command Window an write the following line in the direktory where the samples are:
  ssosample -i ..     icket.txt -p SAPdefault
  And now i get the following error:
  C:     mpssosampleC>ssosample -i ..     icket.txt -p SAPdefault
  Content-type: text/html
  Content-length: 248
  h1. Error!
  Your request cou
  ld not be processed. The error message is:
  The mySAP.com logon ticket cou
  ldn't be verified. The standard error code is 5. The SSF error code is 22.>
  C: mpssosampleC>
  Did anybode make the example run? I didnt see my mistake :-(.
  In a Second try i look into a debugger to look where the problems are. I think i cant initialice the sapsecu.dll. But it pot it definitly in the windows32 folder.
  Any hint is welcome, best Regards,
  Patrick
  Message was edited by: Patrick Höfer

  Hi Patrick,
  my code which in fact worked (with the versions you have named) is as follows:
  package com.mysap.sso;
  import java.io.ByteArrayInputStream;
  import java.security.cert.CertificateFactory;
  * This class provides wrapper functionality for SSO2Ticket (SAP Logon Ticket) in Java.
  * @version 1.0 30.11.2000
  public class SSO2Ticket
      private static boolean initialized = false;
      public static String SECLIBRARY ;
      public static String SSO2TICKETLIBRARY = "sapssoext";
      static {
          SECLIBRARY = "sapsecu.dll";
          try {
              System.loadLibrary(SSO2TICKETLIBRARY); 
              System.out.println("Lib geladen.");
              if ( init(SECLIBRARY) ) {
                  System.out.println ("SSO2TICKET initialized successful !");
                  System.out.println ("version: "+getVersion());
              } else {
                  System.out.println ("Implementation of JNI mysapsso2 not loaded. ");
          } catch (Throwable e) {
              System.out.println ("Error during initialization of SSO2TICKETn");
          System.out.println("static beendet.n");
       * Initialization
       * @param seclib location of ssf-implemenation
       * @return true/false whether initailisation was ok
      private static native synchronized boolean init(String seclib);
       * Returns internal version.
       * @return version
      public static native synchronized String getVersion();
       * eval ticket
       * @param ticket        the ticket
       * @param pab           location of pab
       * @param pab_password  password for access the pab
       * @return [0] = (String)user, [1] = (String)sysid, [2] = (String)client , [3] = (byte[])certificate
      public static native synchronized Object [] evalLogonTicket(
                                                                  String ticket,
                                                                  String pab,
                                                                  String pab_password)
          throws Exception;
       * creates ticket.
       * @return the ticket
      public static void main(String[] args) throws Exception
          System.out.println("start SSO2TICKET main");
          System.out.println("-------------- test version --------------");
          String version =SSO2Ticket.getVersion();
          System.out.println(version);
          String ticket = "... to be filled with an base64 encoded run time ticket ...";
          try {
              Object o[] = evalLogonTicket(ticket, "c:\download\verify.pse", "");
              System.out.println("The User ID is:          " + (String)o[0]);
              System.out.println("Issuing System (Sysid) : " + (String)o[1]);
              System.out.println("Issuing System (Client): " + (String)o[2]);
              System.out.println("Certificate Bytes      : " + (byte[])o[3]);
              if (o[3] != null){
                      byte[] cert_ = (byte[]) o[3];
                      CertificateFactory cf = CertificateFactory.getInstance("X.509");
                      //X509Certificate cert = (X509Certificate)
                      cf.generateCertificate(new ByteArrayInputStream(cert_));
                   System.out.println(o[3]);
          } catch (Exception e) {
              System.out.println(e);
          } catch (Throwable te) {
                System.out.println(te);
  By <i>System.loadLibrary(SSO2TICKETLIBRARY)</i> sapssoext.dll will be loaded. By <i>init(SECLIBRARY)</i> the sapsecu.dll should be loaded (in fact by sapssoext.dll).
  Hope it helps (but I'm afraid that you have got more or less the same code at your site)
  Detlev

• SSO problem on Windows Mobile with WAS Java 7.0 and R/3 4.7

  We have a curious single sign-on problem with custom WM-app.
  The application is developed using WD Java and currently runs on WAS 7.0 SPS10. WAS makes calls to several RFC:s on 4.7 Enterprise and authentication is done using SSO.
  The enduser device is a handheld running Windows Mobile and the browser is a vendor (HHP) provided Mobile IE based HandHeldWeb. Because of the poor usability of the default login on handhelds we created a custom J2EE Web Application JSP which does the login to the WM-app.
  On a PC browser everything functions normally, but occasionally with the mobile device no data from R/3 is displayed. As if SSO didn't work. Sometimes, if transaction 1 doesn't work and the user comes out of it, then runs transaction 2 which makes an RFC call and then returns to transaction 1 it works. Sometimes..
  This problem does not occur on mobile device when the default login is used. And as stated previously, on a PC the custom login works fine.
  -Erno

  Hi,
  Currently SAP is selling the Software in Business Suite .
  If you are purchasing the SRM 7.0 .It will come as Business suite . It will contain
  1. SRM 7.0
  2.CRM
  3.PLM
  4.SCM
  5. ECC 6.0 wiht Eph 4
  When you are getting the ECC 6.0 in this package why to use  SAP R/3- 4.6C
  So better you upgrade both the SRM and R/3.
  I would like to know if SRM 7.0 and R/3 4.6C is compatible in first place.Will it work?
  It will work but in the long run you will get lot  of Problem.Since SRM 7.0 is Based on Webdynpro technology
  Regards
  G.Ganesh Kumar

• EP 7.0 SSO to BW 3.5 with SAPLOGONTICKET

  Dear All,
  We are trying to establish SSO between
  BW 3.5 ABAP SP18 (2005_1_640 release SP-9)and EP 7.0 Stand alone Java with SP11 , SAP Net Weaver 2004s.
  Ours is stand alone java system connected to a backend system.
  We were given a new requirement of creating a New Server to view BW reports but we are not able to establish SSO properly as it is asking for secondary login Whenever  any user logs in portal , its asking BW login again instead of directly displaying BW reports.
  I have cross checked all the possible errors ,the portal logon certificate is not expired and is authenticated also the user is also not locked at the backend system and browser cache is also refreshed. Also the system alias we defined for new server is different from the one in the old server also we have tried restarting the Portal server and dint help in solving the issue.
  Please help me as i need to close thisissue by EOD.
  Thanks &  Regards
  Pooja

  Hi Pooja,
  A couple of things which you might want to check to ensure things are in place.
  1. FQDN as mentioned above my Koti.
  2. When accessing STRUSTSSO2, while clicking on "ADD to ACL" or  "ADD to Certificate list" (not sure, has been a while now), it would ask you to enter the SID and client number, enter the SID of the EP system, (ex : EP7 ) and for the client enter 000
  3. Ensure that the ticket is shown in ACL and Certificate list in STRUSTSSO2
  4. Check for the RZ10 parameters as well.
  login/accept_sso2_ticket= 1
  login/create_sso2_ticket= 2 
  Icm/host is mentioned
  5. Ensure that after you are done with this, your restart both the servers.
  ( You can also add the entry for BW system in the host file of EP system, just to play safe.)
  Hope this resolves your issue.
  Cheers,
  Sandeep Tudumu

• SSO for Enterprise Portal 6 with different Portal and R/3 userIDs

  Hi there,
  We are using SNC library for SAP GUI logon to R/3 and SPNEGO for Web access to EP. What works for us currently is:
  SSO from Windows logon to Portal using SPNego (LDAP as our datasource with AD)
  However once we are inside the portal, the SSO to R/3 using SNC is not working. I have my Portal user mapped to my R/3 user as they are different usernames.
  But, if i launch SAP GUI on its own i can SSO into R/3 no problem.
  So, i have 3 queries here!
  1) Why am i not able to SSO into R/3 once i have SSO into Portal?
  2) Is there any way around the high maintenance of the user mapping?
  3) I have read on SAP Help about "Using an LDAP Directory Attribute as the ABAP User ID" but this will still require user / administrator to maintain the R/3 password.
  Is it possible to disable the R/3 password and thus have no maintenance as the R/3 (ABAP) User ID will be stored in LDAP attribute?
  Hoping you can help...
  Thanks.

  Answers below:
  1)
  When you say "ITS" I assume you are referring to the Integrated ITS in NetWeaver, not the external ITS product ?
  Anyway, if you are referring to Integrated ITS, then surely you are using webgui, not SAP GUI. The webgui is accessed via browser and is not related to SNC or SAP GUI product. The SAP GUI product is a Windows application that uses SNC to authenticate to SAP systems.
  If you are logged onto portal, which is a J2EE application and trying to access webgui which is running on ABAP Engine, then this might not work becasue your SSO2 trust is not setup correctly. Do you see an error in work process log saying anything about why the SSO2 ticket is not accepted ? Also, if ABAP and JAVA are on same system and Java Engine was installed as an add-in, you might need to create new SSO2 certificates to avoid a clash, and change client number from 000 to something else so SSO2 tickets issued in J2EE engine are differentiated from SSO2 tickets issued by ABAP Engine, but they are still trusted through configuration in STRUSTSSO2 t-code.
  2)
  You need to use a different product, which is available from a SAP partner to do this. I am not allowed to mention third party products on this forum, so if you want to know more you will have to contact me offline via email.
  3)
  See answer to question 2.
  Thanks,
  Tim

• SSO configuration in BOBJ 4 with Active Directory

  Hi Experts,
  Our client wants to implement the BOBJ on AIX 7.1 box with oracle 11G and wants to configure the Active Directory authentication for the BOBJ.
  BI 7.0 is already implemented on AIX. I have searched a lot to find the relevant document for the same but unable to do but I found the doc for BOBJ on windows with AD but not sure if the method is similar for the AIX box, Could you please help me to find out the required doc and explain me what should be our approach to configure the same
  Also , Is it possible that if we configure the AD authentication for SAP BI and then used the SAP authentication in BOBJ side with importing the SAP role and BOBJ transports in SAP. Will BOBJ work for the user created in BI ?
  Kindly suggest.
  Regards
  Saurabh mishra

  Thanks Tim,
  Actually I haven't worked on the AD and LDAP side so can you please elaborate your sentence and can you also assist me with the guide required for this configuration or any other example document. I read the article on below link -
  http://sboblog.infotrust.dk/index.php/2010/05/21/active-directory-sso-on-sap-businessobjects-xi-3-1/
  but I believe that this will not applicable for me as we have BOBJ box on AIX.
  Regards
  Saurabh Mishra

• How to get the SSO user from PL/SQL with Windows native authen

  I connect to a 10g daabase using SSO through Windows Native Authentication wher the OID user mapps to a single Database user.
  I need to get the SSO user from pl/sql
  My fornt end is Portal & Forms

  Hmm, I see.
  Well your problem boils down to being in the database and needing to have access to web environment variables. The SSO sets specific variables in the environment but your stored procedure is not privy to them.
  Now having said that, note that the mod_plsql Web Toolkit has a utility for accessing cgi variables. For instance,
  owa_util.get_cgi_env('Osso-User-Dn')
  If your web application cannot capture the SSO info and pass it to the stored proc in a parameter, OWA may be the only way.
  Check out the Single Sign-On Developers Guide, specifically the part about developing statically protected PLSQL applications.
  Hope this helps.
  regards,
  tt

• WLC 5508 AP SSO FUS Upgrade with different Versions

  Hi everybody,
  I've got two 5508 configured as AP SSO and I want to upgrade the FUS to 1.9.0.0
  The Image running is 7.6.110.0
  On the active controller the FUS Version is 1.3
  On the HA-SKU controller the FUS Version is 1.7
  Now, can I upgrade the FUS to 1.9.0.0 using the GUI, even when both controllers don't use the same FUS Version? If yes, can I go directly from FUS 1.3 to 1.9.0.0?
  thanks a lot,
  marc

  Unfortunately its not possible to upgrade just the standby controller in a AP SSO setup. The Command "transfer" is not available on the controller with the standby role. :-/
  I don't get it, why it's not possible to upgrade either FUS oder Software in a AP SSO setup without downtime. The reason why people use AP SSO is because they have a sensitive wireless environment (24/7) and care about not having some downtime. Hopefully there will give some improvements in future releases in case of downtimes when upgrading.

• WLC 5508 * 2 & Mobility Group

  What I am trying to configure is Mobility Groups.
  My understanding is that this will allow AP to successfully register and fail over over seamlessly if any of the WLC had to fail ?
  It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
  Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
  Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
  My current config is as follows:-
  WLC 5508 * 2
  WLC 1 - Primary
  WLC 2 - HA SKU (Secondary )
  Redundancy = SSO (Both AP and Client SSO)
  =============
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.6.130.0
  Bootloader Version............................... 1.0.20
  Field Recovery Image Version..................... 7.6.101.1
  Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
  Build Type....................................... DATA + WPS
  System Name...................................... WLC5508
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  Redundancy Mode.................................. SSO (Both AP and Client SSO)
  IP Address....................................... 10.31.66.21
  Last Reset....................................... Software reset
  System Up Time................................... 0 days 22 hrs 39 mins 57 secs
  System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  Configured Country............................... GB  - United Kingdom
  Operating Environment............................ Commercial (0 to 40 C)
  --More-- or (q)uit
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +38 C
  External Temperature............................. +21 C
  Fan Status....................................... OK
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 1
  Number of Active Clients......................... 0
  Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Absent
  Maximum number of APs supported.................. 500
  ============================================
  TA

  TA,
  Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
  Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
  Configuring HA on the AP:
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
  Using CPI to push AP configuration templates:
  http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
  Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
  BR, Ala