beautypg.com

How to use proxy authenticator – HP Systems Insight Manager User Manual

Page 169

background image

Configuring trust check in HP SIM for Proxy authenticator server

Perform the following to enable trust check and mutual authenticator with the proxy authenticator
server:

Procedure 43 Configuring trust check for Proxy authenticator server

1.

Create a keystore in a secure folder with public/private keypair.

2.

Import certificate(s) as trusted certificate(s) in the keystore.

a.

If the authenticator's certificate is self-signed, import it in the keystore.

b.

If the authenticator's certificate is CA-signed, import only the CA certificate.

c.

If the authenticator's certificate is signed by an intermediate CA, then, import all the
certificates starting from the root CA to the CA that signed the certificate.

3.

Configure SecuritySettings.props file to update the keystore specific properties:

a.

proxy.auth.server.trust.check=1

b.

proxy.auth.keystore=

4.

Add the keystore password in HP SIM.

Use mxpassword CLI to set the keystore password.

NOTE:

You must use ProxyAuthKeyStorePassword as the key. For example,

mxpassword –a –x ProxyAuthKeyStorePassword=

.

5.

Mutual authentication configuration:

a.

To enable mutual authentication in SIM, proxy.auth.server.trust.check property
must be set to 1 in SecuritySettings.props file.

b.

The keystore must contain authenticators certificate mentioned in step 2.

c.

To disable mutual authentication, proxy.auth.server.trust.check property must
be set to 0 in SecuritySettings.props file.

6.

Restart HP SIM.

NOTE:

Use HP SIM's JRE keytool to perform all the tasks related to certificate/keystore. For more

details, see

http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

How to use Proxy authenticator

After making necessary configuration changes and restarting HP SIM, the proxy authenticator is
automatically enabled if HP SIM is launched, which is the isProxyAuth parameter set to 1, as
well as passing all of the necessary input parameters as configured in the property file.

For example if the following properties are configured in the SecuritySettings.props file:

proxy.auth.request.url = https://10.1.2.3/token/@token@

proxy.auth.request.inputs = token

HP SIM is launched using the URL:

https://10.1.1.1:50000/?isProxyAuth=&
token=12398738273127317178127912739731273739127937123719371371893718937197319173

HP SIM makes a request to the Proxy authenticator using the URL:

https://10.1.2.3/token/
12398738273127317178127912739731273739127937123719371371893718937197319173

NOTE:

Any customization of the URL at runtime is achieved using the pattern “@tag@”, where

the special character “@” forms the prefix and suffix and the “tag” represents the incoming URL
request variables to HP SIM.

Configuring trust check in HP SIM for Proxy authenticator server

169