HPE Community
Server Management - Systems Insight Manager
1753641 Members
5056 Online
108798 Solutions
New Discussion

SSO to CMS itself

 
Richard Munn
Frequent Advisor

‎01-21-2015 05:04 PM

‎01-21-2015 05:04 PM

SSO to CMS itself

We have a new policy which specifies that all web based applications (and this includes HP-SIM on the CMS) must authenticate with certificate based authentication. Every user is issed with a certifacate that is signed by the corporate CA.

 

The aim is that a user logins to their PC via a username/password or two factor hardware assisted authentication. But from that point access to web applications within the corporation is authenicated by the signed certificate. So this is a single signon to everything from the end-user device. The underlying issue is users having several strong passwords for different systems and not being able to remember them so things like writing them down etc. is seen as a huge security problem for some of the more sensitive applications.

 

There is much more to this policy but a lot of the other things like the CMS allowing access to the SMH on a managed client is already in place and quite acceptable, provided access to the CMS is secure in the first palce. But the missing bit is the user initial access to Insight Manager on the CMS.

 

We are currently running SIM V7.2 on Windows 2008R2.

 

Is it possible to do SSO into the CMS?

I have head from some the application maintainers that this is challenge in some legacy applications and what they have done is use certificate authentication prior to reaching the login page for the application (i.e. getting the web server between the broswer and application) and if successful drop into the normal username/password login page. This is not the intent but I'm not if either way is going to be achievable with HPSIM.

 

Has anyone done this or give me some pointers to how you might do this with SIM?

1 person had this problem.
0 Kudos
Reply
1 REPLY 1
Andrew_Haak
Honored Contributor

‎01-31-2015 02:27 AM

‎01-31-2015 02:27 AM

Re: SSO to CMS itself

I've read that in older versions of SIM there is an option with a certificate and Active directory integration but am not sure if that still works for later versions of SIM. You would also need a config file to be changed to allow autologon.
Kind regards,

Andrew
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.