Security measures to follow – HP Systems Insight Manager User Manual

Administrators can still be able to access all CLIs (such as mxuser, mxnode, and so on) when HP
SIM runs on two-factor authentication mode.

Smart cards and Cryptographic Service Provider (CSP)

HP SIM does not directly communicate with the Cryptographic Service provider rather it leverages
the capabilities from the browser. It is expected that browsers need to be configured manually to
communicate with the Smart card's CSP. Browsers must be able to recognize smart cards and
prompt for PIN when user connects to HP SIM.

For instance, if Active Client is installed and running on a client workstation, and if user connects
to HP SIM through Internet Explorer, then Internet Explorer will start communicating with the Active
Client CSP and will prompt the user to insert the Smart card.

Security measures to follow

•

You are advised to close the browser and remove the smart card immediately after you have
logged out of HP SIM. This will clean up any certificate cached by the browser, or by the
software CSP.

•

It is recommended to use a fresh browser window to login to HP SIM.

•

Always insert Smart card before connecting to HP SIM. Few browsers might not recognize or
communicate with the CSP until you insert the smart card.

•

Whenever you get any error during the course of authentication, close the browser and retry.
This is because the browser will treat the current session as failed and will not allow you to
re-handshake with the server.

•

Do not store your certificates in the browser. This might enable others to use your certificate.

Login steps:

•

Type https://<CMS>:50000 from the browser (IE or firefox).

•

If the browser is configured properly, you will be prompted to pass the PIN

•

User is authenticated and authorized successfully.

Two-factor authentication

121