HP Integrated Lights-Out Security, 7th edition

Figure 5. Flowchart of common login API that iLO performs using authenticated credentials in the cookie
[Flowchart not reproduced. Steps and decisions shown: Start iLO 2 login process; Scan local user accounts; Found as local user?; Single Sign-On enabled?; Compare with SSO proxy credentials; Match as SSO?; Erase SSO proxy credentials; Directory integration?; Attempt directory authentication; Authenticated to directory?; Directory enabled and local accounts disabled?; iLO security override switch set?; Bad login name or password; Login as local user; Login as SSO user; Login as directory user; Login as security override: login name; Log the event?; Record login event; Record login failure; Exit (success); Exit (error).]
After authenticating the user, iLO calculates the current privileges (see "Calculating current privileges")
and sends the iLO Status Summary page to the client browser. The iLO Status Summary screen
displays general information about iLO, such as all logged in users, server name and status, iLO IP
address and name, and latest log entry data. The login process is then complete, and the user can
perform any authorized functions.
Authentication and authorization with iLO 3
iLO 3 assigns to every authenticated session a unique and wholly random session cookie containing
only the session key. To prevent redirected post and cross-site scripting attacks, the session key must
be presented with every request and must be embedded in any request that makes changes to iLO 3
settings.
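
The check described above, sketched as an added example (this is not HP's iLO 3 firmware code): a random session key is the only content of the cookie, and any request that changes settings must also carry the same key embedded in the request itself. The cookie name, form field name, HTTP status codes and the choice of which methods count as read-only are assumptions made for the illustration.

```python
import hmac
import secrets

COOKIE_NAME = "session"        # hypothetical cookie name
FIELD_NAME = "session_key"     # hypothetical embedded form field name
READ_ONLY = {"GET", "HEAD"}    # assumption: every other method changes settings


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; encoding first avoids a TypeError on non-ASCII input.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class SessionStore:
    def __init__(self):
        self._sessions = {}    # session key -> user name, kept server-side only

    def login(self, user: str) -> str:
        # The key is wholly random (256 bits from the OS CSPRNG) and encodes
        # nothing about the user, so the cookie carries only the key.
        key = secrets.token_hex(32)
        self._sessions[key] = user
        return key

    def _lookup(self, presented: str):
        for key, user in self._sessions.items():
            if _same(key, presented):
                return user
        return None

    def authorize(self, method: str, cookies: dict, form: dict):
        """Return (status, user) for one request."""
        cookie_key = cookies.get(COOKIE_NAME, "")
        user = self._lookup(cookie_key)
        if user is None:
            return 401, None   # key missing or unknown: not authenticated
        if method.upper() not in READ_ONLY:
            # A browser attaches the cookie to cross-site requests on its own,
            # so a changing request must also prove the page could read the key.
            if not _same(form.get(FIELD_NAME, ""), cookie_key):
                return 403, None
        return 200, user


if __name__ == "__main__":
    store = SessionStore()
    key = store.login("admin")                       # constructed sample user
    print(store.authorize("POST", {COOKIE_NAME: key}, {}))                 # cookie only
    print(store.authorize("POST", {COOKIE_NAME: key}, {FIELD_NAME: key}))  # cookie + embedded key
```
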
After authenticating the user, iLO calculates the current privileges and sends the iLO Status Summary
page to the client browser. The login process is complete.