Single Sign-On (Sso) - HP AB500A - Integrated Lights-Out Advanced Technology Brief
Hp integrated lights-out security, 6th edition
Hide thumbs
Also See for AB500A - Integrated Lights-Out Advanced:
- User manual (235 pages) ,
- Configuration (39 pages) ,
- Technology brief (24 pages)
Table of Contents
Advertisement
The result is base-64 encoded and sent to the applet.
4.
Figure 11. Process iLO uses to create the one-time login token for Java applet login
The result is that the applet passes the web server session ID as username and the ASCII hash as
password to iLO. If iLO detects a match with the original 40-character random secret, which has been
stored in firmware, iLO allows the login, and the connection credentials are matched with those
stored in the session. The process of comparing the password with the stored secret destroys the
secret. Successive attempts to connect using that 40-character secret will fail.
In addition to supporting the one-time secret login, the remote console applet also supports traditional
username and password login. For example, if the remote console port configuration is enabled, and
the remote console data encryption is set to <no>, then Telnet can employ the username and
password credentials to connect iLO to the remote console port.
The new connection that the Java applet will use stays open as long as the server receives a
"heartbeat" once every 30 seconds. If the server does not receive a heartbeat within one minute, the
connection will be closed.
The iLO v1.91 and iLO 2 v1.30 and later releases include the Remote Console Computer Lock
feature. With Remote Console Computer Lock, the operating system console self-locks when the
session is closed or is timed out. Even though the session is closed, the connection remains active and
authenticated to the OS. Without The Remote Console Computer Lock, another iLO user could access
that open connection and start a new session. The console also self-locks if the network connection is
broken during a remote session. This feature is supported in Microsoft
Windows
and Linux
®
®
®
operating systems. Configurable through programmable keys like the RC hot-keys, Remote Console
Computer Lock allows iLO users remotely logged in to a server to maintain a connection.
Single Sign-On (SSO)
This feature, available with the release of iLO v1.91 and iLO 2 v1.30, is called Systems Insight
Manager (SIM) Single Sign-On (SSO). SIM SSO allows a SIM user to access iLO directly from
Systems Insight Manager without requiring an extra iLO login step. iLO rights are governed by the
20
Advertisement
Table of Contents
