Setting up hp sim sso – HP Integrated Lights-Out User Manual

Configuring iLO 2 59

http://<sim network address>:280/GetCertificate
Cut and paste the certificate data from HP SIM into iLO 2.

—

Export the HP SIM server certificate from the HP SIM user interface by selecting

Options>Security>Certificates>Server Certificate. Open the file using a text editor, and copy

and paste all the certificate raw data into iLO 2.

—

Using command-line tools on the HP SIM server, the HP SIM certificate can be extracted using

the tomcat-coded alias for the HP SIM certificate. For example:

mxcert -l tomcat
The certificate data resembles:
-----BEGIN CERTIFICATE-----
several lines of encoded data

-----END CERTIFICATE-----

After pasting the HP SIM server base-64 encoded x.509 certificate data into the Directly import a
HP SIM Server Certificate section, click Import Certificate to record the data. This type of record

supports SSO Trust by Name and SSO Trust by Certificate.

There are other ways to retrieve HP SIM server certificate data. For more information, see your HP SIM

documentation.

Setting up HP SIM SSO

The HP SIM SSO page allows you to view and configure the existing iLO 2 Single Sign-On settings. You

must have the Configure iLO 2 privilege to alter these settings. To access iLO 2 SSO settings, click

Administration>Security>HP SIM SSO.

The HP Systems Insight Manager Single Sign-On Settings page includes the following fields and options:

•

Single Sign-On Trust Mode— Enables you to control how SSO-initiated connections are accepted:

o

Trust None (default)—Rejects all SSO connection requests.

o

Trust by Certificate (most secure)—Enables only SSO connections from an HP SIM server
matching a certificate previously imported into iLO 2.

o

Trust by Name—Enables SSO connections from an HP SIM server matching a DNS name or
certificate previously imported into iLO 2.

o

Trust All (least secure)—Accepts any SSO connections initiated from any HP SIM server.