Installation Manual

Single Sign-On Trust Mode options
The Single Sign-On Trust Mode affects how iLO responds to HPE SSO requests.
• Trust None (SSO disabled) (default)—Rejects all SSO connection requests.
• Trust by Certificate (most secure)—Enables SSO connections from an HPE SSO-compliant application by matching a certificate previously imported to iLO.
• Trust by Name—Enables SSO connections from an HPE SSO-compliant application by matching a directly imported IP address or DNS name.
• Trust All (least secure)—Accepts any SSO connection initiated from any HPE SSO-compliant application.
SSO user privileges
When you log in to an HPE SSO-compliant application, you are authorized based on your HPE
SSO-compliant application role assignment. The role assignment is passed to iLO when SSO is
attempted.
SSO attempts to receive only the privileges assigned in this section. iLO directory settings do
not apply.
The default privilege settings follow:
• User—Login only
• Operator—Login, Remote Console, Power and Reset, and Virtual Media
• Administrator—Login, Remote Console, Power and Reset, Virtual Media, Configure iLO, and Administer Users
Adding trusted certificates
The certificate repository can hold five typical certificates. However, if typical certificates are not
issued, certificate sizes might vary. When all of the allocated storage is used, no more imports
are accepted.
Prerequisites
Configure iLO Settings privilege
Adding a certificate
1. Navigate to the Administration → Security → HPE SSO page.
2. Use one of the following methods to add a trusted certificate:
   • Direct import—Copy the Base64-encoded certificate X.509 data, paste it into the text box above the Import Certificate button, and then click the button.
     iLO 4 1.20 or later might be required to install the larger certificates used with recent versions of HPE SIM. HPE SIM 7.3.2 or later supports 2048-bit certificates.
   • Indirect import—Type the DNS name or IP address in the text box above the Import Certificate from URL button, and then click the button. iLO contacts the HPE SSO-compliant application over the network, retrieves the certificate, and then saves it.
For information about how to extract an HPE SIM certificate, see “Extracting the HPE SIM server
certificate” (page 91).
For information about how to extract certificates from other HPE SSO-compliant applications,
see your HPE SSO-compliant application documentation.
90 Configuring the iLO security features