We have a new policy which specifies that all web based applications (and this includes HP-SIM on the CMS) must authenticate with certificate based authentication. Every user is issed with a certifacate that is signed by the corporate CA.
The aim is that a user logins to their PC via a username/password or two factor hardware assisted authentication. But from that point access to web applications within the corporation is authenicated by the signed certificate. So this is a single signon to everything from the end-user device. The underlying issue is users having several strong passwords for different systems and not being able to remember them so things like writing them down etc. is seen as a huge security problem for some of the more sensitive applications.
There is much more to this policy but a lot of the other things like the CMS allowing access to the SMH on a managed client is already in place and quite acceptable, provided access to the CMS is secure in the first palce. But the missing bit is the user initial access to Insight Manager on the CMS.
We are currently running SIM V7.2 on Windows 2008R2.
Is it possible to do SSO into the CMS?
I have head from some the application maintainers that this is challenge in some legacy applications and what they have done is use certificate authentication prior to reaching the login page for the application (i.e. getting the web server between the broswer and application) and if successful drop into the normal username/password login page. This is not the intent but I'm not if either way is going to be achievable with HPSIM.
Has anyone done this or give me some pointers to how you might do this with SIM?