HPE Community
ProLiant Servers (ML,DL,SL)
1823125 Members
3276 Online
109646 Solutions
New Discussion юеВ

Re: ILO 5 CAC Smartcard authentication

 
SOLVED
Go to solution
JLB-MP
Established Member

тАО02-12-2024 03:31 PM - last edited on тАО02-12-2024 09:06 PM by

тАО02-12-2024 03:31 PM - last edited on тАО02-12-2024 09:06 PM by

ILO 5 CAC Smartcard authentication

I have been attempting to setup ILO 5 with CAC Smartcard authentication but have thus far been unsuccessful.   I followed the instruction in the ILO user manual and always get invalid user input in the log.    Can anyone give me in detail on what the certificate should look like?   Is there a better log somewhere that might give me some insight?   Any help would be greatly appreciated.

0 Kudos
Reply
8 REPLIES 8
support_s
System Recommended

тАО02-12-2024 04:32 PM

тАО02-12-2024 04:32 PM

Query: ILO 5 CAC Smartcard authentication

System recommended content:

1. HPE iLO 5 Security Technology Brief | Recommended security settings for iLO 5

2. HPE iLO 5 3.01 User Guide | Logging in to the iLO web interface

 

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

 

Thank you for being a HPE valuable community member.


Accept or Kudo

Reply
Suman_1978
HPE Pro

тАО02-12-2024 08:34 PM

тАО02-12-2024 08:34 PM

Re: ILO 5 CAC Smartcard authentication

Hi,

Per the documentation for CAC Smartcard AuthenticationA common access card (CAC) is a United States Department of Defense (DoD) smartcard for multifactor authentication.

CAC Smartcard Authentication (requires an iLO Advanced license).

Thank You!
I work with HPE but opinions expressed here are mine.
HPE Tech Tips videos on How To and Troubleshooting topics



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
JLB-MP
Established Member

тАО02-13-2024 06:08 AM

тАО02-13-2024 06:08 AM

Re: ILO 5 CAC Smartcard authentication

Can I only use a smartcard with ILO if I have a CAC Smartcard from the DoD?   Does that mean my only option for ILO two factor authentication is email?

0 Kudos
Reply
Suman_1978
HPE Pro

тАО02-13-2024 06:37 AM

тАО02-13-2024 06:37 AM

Re: ILO 5 CAC Smartcard authentication

Hi,

There is a video which may help you on iLO session creation with Two Factor Authentication and Redfish.

Thank You!
I work with HPE but opinions expressed here are mine.
HPE Tech Tips videos on How To and Troubleshooting topics



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
JLB-MP
Established Member

тАО02-13-2024 02:56 PM

тАО02-13-2024 02:56 PM

Re: ILO 5 CAC Smartcard authentication

I was already able to get the two factor using a directory login and email to work.   Unfortunately your posts haven't been much help nor answered my questions.   I would really like to be able to use local ILO accounts and do some form of two factor.  Is that even possible?

Reply
Suman_1978
HPE Pro

тАО02-13-2024 07:17 PM

тАО02-13-2024 07:17 PM

Re: ILO 5 CAC Smartcard authentication

Hi,

As already shared in the documentation, that is what can be done or configured.
If you need further help, you may contact our HPE Support and log a support case.

Thank You!
I work with HPE but opinions expressed here are mine.
HPE Tech Tips videos on How To and Troubleshooting topics



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
JLB-MP
Established Member

тАО02-14-2024 03:13 PM

тАО02-14-2024 03:13 PM

Solution

Re: ILO 5 CAC Smartcard authentication

I did finally get smart card authentication to work with ILO 5 and a local user.

1. The certificate needs to be RSA format, Smart Card Logon as an application policy and the UPN as a SAN.
2. Create a local ILO user and make the Login Name the same as the SAN UPN in the certificate.
3. The certificate will need to be mapped to the user under certificate mapping.
4. Under CAC/Smartcard enable CAC Smartcard Authentication, select Use Certificate SAN UPN and upload the CA Certificate as a Trusted CA.

Reply
Sunitha_Mod
Moderator

тАО02-28-2024 07:37 AM

тАО02-28-2024 07:37 AM

Re: ILO 5 CAC Smartcard authentication

Hello @JLB-MP,

That's awesome! 

We are extremely glad to know you were able to find the solution and we appreciate you for keeping us posted. 



Thanks,
Sunitha G
I'm an HPE employee.
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.