Use this procedure to configure a Network Shell client so it can run in proxy mode — that is, so it can communicate with servers using a Network Shell proxy server. This topic describes the settings you must add to the secure file for a client installation.
Additionally, if you plan to run Network Shell and BLCLI scripts unattended on this client machine, this procedure includes steps to ensure that the scripts have access to valid SSO session credentials. You can use the blcred
utility to authenticate a user and acquire a new session credential. For a complete description of blcred
, see the blcred
man page.
Note
To use the blcred
utility, you must have the BMC Server Automation Console installed.
secadmin
utility to create an entry in the secure file that specifies the following:auth_profile=<authProfile>
, where <authProfile>
is the name of the authentication profile that holds a description of the Authentication Service from which the required session credential should be issued and the authentication mechanism that was used to authenticate the user when the session credential was acquired. <authProfile>
must match the name of an authentication profile included in that file. Note that the BL_AUTH_PROFILE_NAME environment variable can override the value of this secure file setting.auth_profiles_file=<fileName>
, where <fileName>
is the Network Shell path to the XML file containing authentication profile definitions, such as /c/Program Files/BMC Software/BladeLogic/NSH/br/authenticationProfiles.xml. To create the authenticationProfiles.xml file, use the BMC Server Automation Console to generate authentication profiles on this client machine (see Setting up an authentication profile for details), or copy authenticationProfiles.xml from a machine where the console is installed and authentication profiles have already been created. The BL_AUTH_PROFILES_FILE environment variable can override the value of the auth_profiles_file setting in the secure file.
The auth_profiles_file
option is only necessary if you have stored the authenticationProfiles.xml file in a location other than its default location. By default, this file is located at <install_dir>/br/authenticationProfiles.xml.
appserver_protocol=ssoproxy
For example, the following is a default
entry in the secure file on a client machine running Network Shell:
default:protocol=5:auth_profile=QAProfile:appserver_protocol=ssoproxy: tls_mode=encryption_only:encryption=tls
To use the secadmin
utility to generate the default
entry shown above, enter the following from Network Shell:
secadmin -m default -p 5 -auth_profile QAProfile -appserver_protocol ssoproxy -T encryption_only -e tls
For more information about the secure file, see Configuring the secure file. For more information about secadmin
, see Using the secadmin utility.
blcred
or by defining the BL_AUTH_PROFILE_NAME environment variable. blcred
or you can create one beforehand using the BMC Server Automation Console. See Setting up an authentication profile for information about using the BMC Server Automation Console to set up authentication profiles.blcred
that provide a user name, password, and other information required for the authentication mechanism.blcred
utility prompt for a user name, password, and other information required for the authentication mechanism.blcred
with the -i
parameter to obtain the SRP credentials from this file. For more information, see the Using the blcred utility and the man page for the blcred
command.-r <rolename>
to the BLCLI command. When using Network Shell performance commands to run BLCLI commands, specify a role by running blcli_setoption roleName <rolename>
before calling the blcli_connect
or blcli_execute
commands.