How to use proxy authenticator – HP Systems Insight Manager User Manual

Configuring trust check in HP SIM for Proxy authenticator server

Perform the following to enable trust check with the Proxy authenticator:

Procedure 42 Configuring trust check for Proxy authenticator server

1.

Create a keystore in a secure folder.

2.

Import certificate(s) as trusted certificate(s) in the keystore.

a.

If the authenticator's certificate is self-signed, import it in the keystore.

b.

If the authenticator's certificate is CA-signed, import only the CA certificate.

c.

If the authenticator's certificate is signed by an intermediate CA, then, import all the
certificates starting from the root CA to the CA that signed the certificate.

3.

Configure SecuritySettings.props file to update the keystore specific properties:

a.

proxy.auth.server.trust.check=1

b.

proxy.auth.keystore=<full path for the keystore>

mxpassword -a -x ProxyAuthKeyStorePassword=<password>

4.

Add the keystore password in HP SIM.

Use mxpassword CLI to set the keystore password. Please note that you need to use
ProxyAuthKeyStorePassword

as the key. For example,

5.

Restart HP SIM

NOTE:

Use HP SIM's JRE keytool to perform all the tasks related to certificate/keystore. For more

details, see

http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

How to use Proxy authenticator

After making necessary configuration changes and restarting HP SIM, the proxy authenticator is
automatically enabled if HP SIM is launched, which is the isProxyAuth parameter set to 1, as
well as passing all of the necessary input parameters as configured in the property file.

For example if the following properties are configured in the SecuritySettings.props file:

proxy.auth.request.url = https://10.1.2.3/token/@token@

proxy.auth.request.inputs = token

HP SIM is launched using the URL:

https://10.1.1.1:50000/?isProxyAuth=&
token=12398738273127317178127912739731273739127937123719371371893718937197319173

HP SIM makes a request to the Proxy authenticator using the URL:

https://10.1.2.3/token/
12398738273127317178127912739731273739127937123719371371893718937197319173

NOTE:

Any customization of the URL at runtime is achieved using the pattern “@tag@”, where

the special character “@” forms the prefix and suffix and the “tag” represents the incoming URL
request variables to HP SIM.

In the above example, 10.1.1.1 is the host running HP SIM and 10.1.2.3 is the host running the
authenticator.

Also note that if the value of “proxy.auth.request.url” parameter needs to be overridden by the
URL parameter, then launch HP SIM with the complete URL.

https://10.1.1.1:50000/?isProxyAuth=1&proxy.auth.request.url=https://10.1.2.3/token/
12398738273127317178127912739731273739127937123719371371893718937197319173

166 Proxy authenticator