Configuring the Authentication Service
The Authentication Service is a program implemented within a BMC Server Automation Authentication Server that is responsible for authenticating users and issuing session credentials.
In BMC Server Automation, the Authentication Server is always part of an Application Server when the Application Server type is set to CONFIGURATION or ALL. For BMC Decision Support for Server Automation, the Authentication Server stands alone and is not associated with any particular Application Server.
A default installation of BMC Decision Support for Server Automation sets up a stand-alone Authentication Service, called BMC SARA Authentication (Windows) and blauthservice (UNIX). This service authenticates users associated with multiple Application Servers. When a user successfully authenticates, the Authentication Service for reports issues single sign-on (SSO) credentials to the user.
Unlike other BMC Server Automation applications, BMC Decision Support for Server Automation must be able to refresh the SSO credentials for you so that you can run recurring reporting jobs even after the current session ends.
To enable credential refreshing
- On the reports server, start the Application Server Administration console (the
Specify that the SSO credentials issued by the Authentication Service can be refreshed, by entering the following command:
set AuthServer isSSOCredRefreshEnabled true
By default, the installation program for BMC Decision Support for Server Automation sets this value to
Specify the maximum amount of time a renewable session credentials can be used by entering the following command:
set AuthServer MaximumSessionCredentialLifetime <#>
<#>is a value in minutes. By default the installation program for BMC Decision Support for Server Automation sets this value in minutes that equals six months.
Specify the duration for any session credentials that the Authentication Server issues by entering the following command:
set AuthServer SessionCredentialLifetime <#>
<#>is a value in minutes. In a reports context, credentials can be renewed until the
MaximumSessionCredentialLifetimevalue is reached.
SessionCredentialLifetimeare set as follows:
SessionCredentialLifetimeis set to the same value as
MaximumSessionCredentialLifetime= 0 or None
MaximumSessionCredentialLifetimeis set to the same value as
For information about how to set the
SessionCredentialLifetimeoption, see Configuring the Authentication Service in the BMC Server Automation documentation.
Specify whether session credentials can be refreshed by a host other than the host to which the credentials were originally issued by entering the following command:
set AuthServer isSsoRefreshHostnameCheckEnabled true
BMC recommends that you set this option to
falseonly when the reports server does not have a static IP address.
- Restart the Authentication Service.