HP Systems Insight Manager 7.3 User Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 4.x HP-UX Software

161

162

163

164

165

166

167

168

169

170

Configuring trust check in HP SIM for Proxy authenticator server

Perform the following to enable trust check and mutual authenticator with the proxy authenticator

server:

Procedure 43 Configuring trust check for Proxy authenticator server

1. Create a keystore in a secure folder with public/private keypair.

2. Import certificate(s) as trusted certificate(s) in the keystore.

a. If the authenticator's certificate is self-signed, import it in the keystore.

b. If the authenticator's certificate is CA-signed, import only the CA certificate.

c. If the authenticator's certificate is signed by an intermediate CA, then, import all the

certificates starting from the root CA to the CA that signed the certificate.

3. Configure SecuritySettings.props file to update the keystore specific properties:

a. proxy.auth.server.trust.check=1

b. proxy.auth.keystore=<full path for the keystore>

4. Add the keystore password in HP SIM.

Use mxpassword CLI to set the keystore password.

NOTE: You must use ProxyAuthKeyStorePassword as the key. For example,

mxpassword –a –x ProxyAuthKeyStorePassword=<password>.

5. Mutual authentication configuration:

a. To enable mutual authentication in SIM, proxy.auth.server.trust.check property

must be set to 1 in SecuritySettings.props file.

b. The keystore must contain authenticators certificate mentioned in step 2.

c. To disable mutual authentication, proxy.auth.server.trust.check property must

be set to 0 in SecuritySettings.props file.

6. Restart HP SIM.

NOTE: Use HP SIM's JRE keytool to perform all the tasks related to certificate/keystore. For more

details, see http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

How to use Proxy authenticator

After making necessary configuration changes and restarting HP SIM, the proxy authenticator is

automatically enabled if HP SIM is launched, which is the isProxyAuth parameter set to 1, as

well as passing all of the necessary input parameters as configured in the property file.

For example if the following properties are configured in the SecuritySettings.props file:

proxy.auth.request.url = https://10.1.2.3/token/@token@

proxy.auth.request.inputs = token

HP SIM is launched using the URL:

https://10.1.1.1:50000/?isProxyAuth=&

token=12398738273127317178127912739731273739127937123719371371893718937197319173

HP SIM makes a request to the Proxy authenticator using the URL:

https://10.1.2.3/token/

12398738273127317178127912739731273739127937123719371371893718937197319173

NOTE: Any customization of the URL at runtime is achieved using the pattern “@tag@”, where

the special character “@” forms the prefix and suffix and the “tag” represents the incoming URL

request variables to HP SIM.

Configuring trust check in HP SIM for Proxy authenticator server 169