Once an asset is part of the secured enterprise system, the PSO must assign READ access to the asset so users can use proxy authentication. This section describes how to create user-based proxy authentication information using Enterprise Security Manager. To create role- or asset-based proxy authentication information, you must use SMAPI—see Chapter 9, “Proxy Authentication.”
Table 3-6 describes the permissions you must have to manage user-based proxy authentication information.
| Action | Permissions required |
|---|---|
| Create user-based proxy authentication information | UPDATE on the subject controlling asset. |
| View proxy authentication information | READ on the subject controlling asset. |
| Edit proxy authentication information, including a user’s proxy authentication password | UPDATE on the subject controlling asset. |
| Delete user-based proxy authentication information | UPDATE on the subject controlling asset. |
Managing user-based proxy authentication information
In the Organization Manager tree view, select an organization, and highlight Users.
In the right pane, highlight a user, right-click, and select Proxy Authentication. The Manage User Proxy Authentication Information dialog box displays.
To create proxy authentication information for the user, see “Creating user-based proxy authentication information”.
To edit an entry, see “Editing user-based proxy authentication information”.
To delete an entry, highlight the entry, and click Delete.
For complete information about using proxy authentication to implement single sign-on to enterprise resources, see Chapter 9, “Proxy Authentication.”
Creating user-based proxy authentication information
Before you can create proxy authentication information, users and assets must exist in the enterprise environment. To define a user’s proxy authentication information for an asset:
In the Manage User Proxy Authentication Information dialog box, click New. The Create User Proxy Authentication Information dialog box displays.
Enter:
Asset DN – the distinguished name for the asset. To look up the DN, click Find.
In the Choose Asset dialog box, select the organization to which the asset belongs, highlight the asset name, then click OK. The asset DN displays in the Create User Proxy Authentication Information dialog box.
Service URL – the connection request uses this URL to establish a connection with the selected asset.
User Name – the name used to log in to the asset specified by the URL.
Password – a valid password for the user name.
Verify Password – the same password.
Click OK to save your changes. The asset now has proxy authentication information associated with it.
Repeat this procedure for each asset for which you want to create proxy authentication information.
Editing user-based proxy authentication information
In the Manage User Proxy Authentication Information dialog box, highlight the entry you want to change, and click Edit. The Edit User Proxy Authentication Information dialog box displays.
Edit any values you want to change. For a description of the fields, see “Creating user-based proxy authentication information”. Click OK to save your changes.
Changing a user’s proxy authentication password
In the Manage User Proxy Authentication Information dialog box, highlight the entry for which you want to change the password, and click Change Password. The Change User Proxy Authentication Password dialog box displays.
Enter the new password twice, and click OK.