Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Setting override locations for client SSO files

The BMC Server Automation system of single sign-on stores SSO user information in the following files: the authentication profile file, the session credential cache file, and the trusted keystore.

Each of these SSO files resides at a default location. If necessary, you can instruct a client application to use a file in a different location. The sections on BLCLI and Network Shell below explain how to override locations for SSO files for the different BMC Server Automation client applications.

Authentication profile file

Authentication profiles are collections of information that a BMC Server Automation client application needs to log into the BMC Server Automation Authentication Service. All authentication profiles are stored within a single XML file. Within that file each authentication profile must have a unique name. By default, that XML file resides at <installDirectory>/br/authenticationProfiles.xml.

To create the authenticationProfiles.xml file, you can use the BMC Server Automation Console to generate authentication profiles in their default location (see Setting up an authentication profile), or you can copy the authenticationProfiles.xml file from a client machine where the console is installed and authentication profiles have already been created.

BMC BladeLogic Decision Support for Server Automation does not need an authentication profile to authenticate users.

Session credential cache file

When an Authentication Service authenticates a user, it issues a session credential. BMC Server Automation clients use session credentials to establish secure sessions with Application Servers and Network Shell proxy servers. BMC Server Automation Console users can choose to cache session credentials. When authenticating with the blcred utility, session credentials are automatically cached.

A standard BMC Server Automation installation uses a default location for caching session credentials, as described below.

| Platform | Default location |
| --- | --- |
| Solaris, Linux, AIX, HP-UX | <userHomeDirectory>/.bladelogic/bl_sesscc, where <userHomeDirectory> is the home directory of the user running the client application |
| Windows | C:\Documents and Settings\<WindowsUserName>\Application Data\BladeLogic\bl_sesscc |

Trusted keystore

When a BMC Server Automation client first accesses a middle tier entity (by necessity, the Authentication Service) to authenticate and obtain an SSO credential, the client establishes a TLS connection with that entity. In the course of the TLS handshake, the client is presented with the Authentication Server's self-signed X.509 certificate. The user is asked to trust the certificate. If the user does, the certificate is added to the client's list of trusted certificates. This list, which is known as a keystore, resides in a default location, as described below:

| Platform | Default location |
| --- | --- |
| Solaris, Linux, AIX, HP-UX | <userHomeDirectory>/.bladelogic/client_keystore.pkcs12.pem, where <userHomeDirectory> is the home directory of the user running the client application |
| Windows | C:\Documents and Settings\<WindowsUserName>\Application Data\BladeLogic\client_keystore.pkcs12.pem |

SSO file locations for BLCLI

To specify alternative locations for SSO files used by the BLCLI, you can either provide command line arguments or define environment variables. A location provided in a command line option takes precedence over a location provided with an environment variable. The following table identifies SSO file locations you can specify for BLCLI and the mechanisms available to provide that information.

| SSO File | Mechanisms to identify location | Precedence |
| --- | --- | --- |
| SSO session credentials | command line option: -f <credentialCacheFileName> | Takes precedence over environment variable |
| | environment variable: BL_SSO_CRED_CACHE_FILE | |
| Authentication profile definitions | command line option: -w <authenticationProfilesFile> | Takes precedence over environment variable |
| | environment variable: BL_AUTH_PROFILES_FILE | |
| Keystore for trusted X.509 certificates | command line option: -x <certificateStore> | Takes precedence over environment variable |
| | environment variable: BL_SSO_TRUSTED_CERT_KEYSTORE_FILE | |

For more information about using command line options in BLCLI, see the BLCLI documentation. For more information about setting environment variables, see Environment variables.
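
The precedence rule above (command line option, then environment variable, then default location) can be checked before BLCLI runs. The following script is an added example, not BMC code: it resolves the effective session credential cache and keystore paths and reports whether other local accounts can reach them. OPT_F and OPT_X are hypothetical variables standing for the values passed with -f and -x, and the permission policy it applies is an assumption, not a documented BMC requirement.

```shell
#!/bin/sh
# Added example (not BMC code): resolve the SSO file BLCLI would use and
# flag files or directories that other local accounts can reach.

# sso_path <cli_value> <env_value> <default>
# Precedence from the table above: command line option, then environment
# variable, then the default location.
sso_path() {
    if [ -n "$1" ]; then printf '%s\n' "$1"
    elif [ -n "$2" ]; then printf '%s\n' "$2"
    else printf '%s\n' "$3"
    fi
}

# sso_check <path>: returns 0 = private, 1 = exposed, 2 = missing.
# Assumed policy: no group/other bits on the file, and a parent directory
# that group and others cannot write (so the file cannot be swapped).
sso_check() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    fperm=$(ls -ldL -- "$1" | cut -c5-10)
    dperm=$(ls -ldL -- "$(dirname "$1")" | cut -c5-10)
    [ "$fperm" = "------" ] || return 1
    case "$dperm" in
        ?w*|????w*) return 1 ;;
    esac
    return 0
}

# report <label> <cli_value> <env_value> <default>
report() {
    p=$(sso_path "$2" "$3" "$4")
    rc=0; sso_check "$p" || rc=$?
    case $rc in 0) s=private ;; 1) s=EXPOSED ;; *) s=missing ;; esac
    printf '%-20s %-8s %s\n' "$1" "$s" "$p"
}

# OPT_F / OPT_X are hypothetical: set them to the values you pass with -f / -x.
d="$HOME/.bladelogic"   # default directory on Solaris, Linux, AIX and HP-UX
report "session credentials" "${OPT_F:-}" "${BL_SSO_CRED_CACHE_FILE:-}" \
    "$d/bl_sesscc"
report "trusted keystore" "${OPT_X:-}" "${BL_SSO_TRUSTED_CERT_KEYSTORE_FILE:-}" \
    "$d/client_keystore.pkcs12.pem"
```

An EXPOSED result on an overridden path usually means the override points at a shared directory; the keystore matters as much as the credential cache, because anyone who can write it can add a certificate the client will trust.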

Setting SSO file locations for Network Shell

To specify alternative locations for SSO files used by Network Shell operating in proxy mode, you can define environment variables or make settings in the client's secure file. A location provided in an environment variable takes precedence over a secure file setting. The following table identifies SSO file locations you can specify and the mechanisms available to provide that information.

| SSO File | Mechanisms to identify location | Precedence |
| --- | --- | --- |
| SSO session credentials | environment variable: BL_SSO_CRED_CACHE_FILE | |
| Authentication profile definitions | environment variable: BL_AUTH_PROFILES_FILE | Takes precedence over secure file setting |
| | secure file setting: auth_profiles_file | |
| Keystore for trusted X.509 certificates | environment variable: BL_SSO_TRUSTED_CERT_KEYSTORE_FILE | |

For more information about defining settings in the secure file, see Secure file overview. For more information about setting environment variables, see Environment variables.
