Configuring the Authentication Service
The Authentication Service is a program implemented within a BMC Server Automation Authentication Server that is responsible for authenticating users and issuing session credentials.
In BMC Server Automation, the Authentication Server is always part of an Application Server when the Application Server type is set to CONFIGURATION or ALL. For BMC Decision Support for Server Automation, the Authentication Server stands alone and is not associated with any particular Application Server.
A default installation of BMC Decision Support for Server Automation sets up a stand-alone Authentication Service, called BMC SARA Authentication (Windows) and blauthservice (UNIX). This service authenticates users associated with multiple Application Servers. When a user successfully authenticates, the Authentication Service for reports issues single sign-on (SSO) credentials to the user.
Unlike other BMC Server Automation applications, BMC Decision Support for Server Automation must be able to refresh the SSO credentials for you so that you can run recurring reporting jobs even after the current session ends.
To enable credential refreshing
- On the reports server, start the Application Server Administration console (the blasadmin utility).
Specify that the SSO credentials issued by the Authentication Service can be refreshed, by entering the following command:
set AuthServer isSSOCredRefreshEnabled trueBy default, the installation program for BMC Decision Support for Server Automation sets this value to true.
Specify the maximum amount of time a renewable session credentials can be used by entering the following command:
set AuthServer MaximumSessionCredentialLifetime <#><#> is a value in minutes. By default the installation program for BMC Decision Support for Server Automation sets this value in minutes that equals six months.
Specify the duration for any session credentials that the Authentication Server issues by entering the following command:
set AuthServer SessionCredentialLifetime <#><#> is a value in minutes. In a reports context, credentials can be renewed until the MaximumSessionCredentialLifetime value is reached.
Values of MaximumSessionCredentialLifetime and SessionCredentialLifetime are set as follows:
MaximumSessionCredentialLifetime <
SessionCredentialLifetimeSessionCredentialLifetime is set to the same value as MaximumSessionCredentialLifetime
MaximumSessionCredentialLifetime = 0 or None
MaximumSessionCredentialLifetime is set to the same value as SessionCredentialLifetime.
For information about how to set the SessionCredentialLifetime option, see Configuring the Authentication Service in the BMC Server Automation documentation.
Specify whether session credentials can be refreshed by a host other than the host to which the credentials were originally issued by entering the following command:
set AuthServer isSsoRefreshHostnameCheckEnabled trueBMC recommends that you set this option to false only when the reports server does not have a static IP address.
- Restart the Authentication Service.