256-bit AES-GCM with ECDSA, ECDH, and an AEAD MAC (ECDHE-ECDSA-AES256-GCM-
SHA384)
HPE SSO
HPE SSO enables you to browse directly from an HPE SSO-compliant application to iLO, bypassing an
intermediate login step.
To use this feature:
• You must have a supported version of an HPE SSO-compliant application.
• Configure iLO to trust the SSO-compliant application.
• Install a trusted certificate if CAC Strict Mode is enabled.
iLO contains support for HPE SSO applications to determine the minimum HPE SSO certificate
requirements. Some HPE SSO-compliant applications automatically import trust certificates when they
connect to iLO. For applications that do not perform this function automatically, use the HPE SSO page to
configure the SSO settings.
Configuring iLO for HPE SSO
Prerequisites
Configure iLO Settings privilege
Procedure
1.
Click
Security
in the navigation tree, and then click the
HPE SSO
tab.
2.
Configure the
SSO Trust Mode
setting.
Hewlett Packard Enterprise recommends using the
Trust by Certificate
mode.
3.
Configure iLO privileges for each role in the
Single Sign-On Settings
section.
4.
To save the SSO settings, click
Apply
.
5.
If you selected
Trust by Certificate
or
Trust by Name
, add the trusted certificate or DNS name to
iLO.
on page 266 or
on
page 267.
6.
After you configure SSO in iLO, log in to an HPE SSO-compliant application and browse to iLO.
For example, log in to HPE SIM, navigate to the
System
page for the iLO processor, and then click the
iLO link in the
More Information
section.
Although a system might be registered as a trusted server, SSO might be refused because of the
current trust mode or certificate status. For example, SSO would be refused when:
• A server is registered as a trusted server, a certificate is not imported, and the trust mode is set to
Trust by Certificate
.
• A server certificate is imported but the certificate has expired.
• The installed certificate does not meet the iLO security requirements.
HPE SSO
265