How to use proxy authenticator – HP Systems Insight Manager User Manual
Page 169
Configuring trust check in HP SIM for Proxy authenticator server
Perform the following to enable trust check and mutual authenticator with the proxy authenticator
server:
Procedure 43 Configuring trust check for Proxy authenticator server
1.
Create a keystore in a secure folder with public/private keypair.
2.
Import certificate(s) as trusted certificate(s) in the keystore.
a.
If the authenticator's certificate is self-signed, import it in the keystore.
b.
If the authenticator's certificate is CA-signed, import only the CA certificate.
c.
If the authenticator's certificate is signed by an intermediate CA, then, import all the
certificates starting from the root CA to the CA that signed the certificate.
3.
Configure SecuritySettings.props file to update the keystore specific properties:
a.
proxy.auth.server.trust.check=1
b.
proxy.auth.keystore=
4.
Add the keystore password in HP SIM.
Use mxpassword CLI to set the keystore password.
NOTE:
You must use ProxyAuthKeyStorePassword as the key. For example,
mxpassword –a –x ProxyAuthKeyStorePassword=
.
5.
Mutual authentication configuration:
a.
To enable mutual authentication in SIM, proxy.auth.server.trust.check property
must be set to 1 in SecuritySettings.props file.
b.
The keystore must contain authenticators certificate mentioned in step 2.
c.
To disable mutual authentication, proxy.auth.server.trust.check property must
be set to 0 in SecuritySettings.props file.
6.
Restart HP SIM.
NOTE:
Use HP SIM's JRE keytool to perform all the tasks related to certificate/keystore. For more
details, see
How to use Proxy authenticator
After making necessary configuration changes and restarting HP SIM, the proxy authenticator is
automatically enabled if HP SIM is launched, which is the isProxyAuth parameter set to 1, as
well as passing all of the necessary input parameters as configured in the property file.
For example if the following properties are configured in the SecuritySettings.props file:
proxy.auth.request.url = https://10.1.2.3/token/@token@
proxy.auth.request.inputs = token
HP SIM is launched using the URL:
HP SIM makes a request to the Proxy authenticator using the URL:
12398738273127317178127912739731273739127937123719371371893718937197319173
NOTE:
Any customization of the URL at runtime is achieved using the pattern “@tag@”, where
the special character “@” forms the prefix and suffix and the “tag” represents the incoming URL
request variables to HP SIM.
Configuring trust check in HP SIM for Proxy authenticator server
169