Important

   

This space contains documentation for TrueSight Server Automation 8.9.03 and the later service packs for 8.9. For earlier releases, see BMC Server Automation 8.9.

Setting up an authentication profile

An authentication profile is a collection of information that the system uses to conduct a logon session. When you log on to the TrueSight Server Automation Console, you must select an authentication profile.

When you set up an authentication profile, you can choose the type of authentication you want to perform. By default, TrueSight Server Automation provides secure remote password (SRP) authentication. For more information about configuring all types of authentication, see Implementing authentication.

During a logon session, the Authentication Service authenticates users and issues session credentials. The Authentication Service is a service implemented within the TrueSight Server Automation Application Server. The Authentication Service is responsible for authenticating users and issuing session credentials.

Note

Authentication profiles are stored in a file called authenticationProfiles.xml. If multiple users share the same machine and decide to define their own authentication profiles, they could access the same file simultaneously. To avoid this situation, BMC recommends that administrators set up standard authentication profiles for all users sharing the same machine. The administrator should also limit write access to the authenticationProfiles.xml file. For information about storing authentication profiles, see System capabilities related to security.

To set up an authentication profile

  1. To open the logon window for the TrueSight Server Automation Console, do one of the following:
    • (Microsoft Windows) Perform one of the following steps:
      • From the Start menu, select Programs > BMC Software > BladeLogic Server Automation Suite > Server Automation Console releaseNumber.
      • From the directory where TrueSight Server Automation is installed (for example, C:\Program Files\BMC Software\BladeLogic\CM), enter:

        .\rcp\BSAClient.exe

        If more than one version of the client is installed, the different versions reside in directories called BladeLogicN, such as BladeLogic2.

    • (UNIX) From the directory where TrueSight Server Automation is installed (for example, /opt/bmc/BladeLogic/CM), enter:

      ./rcp/bsaclient.sh
  2. In the logon window, click Options. The window expands to show additional options in a tabbed format.
  3. Click the Authentication Profile tab.
  4. Do one of the following:
    • To modify an existing authentication profile, select the profile in the profiles list. Then click Edit. The Edit Authentication Profile dialog opens.
    • To create a new profile, click Add. The New Authentication Profile dialog box opens. It provides the same fields as the Edit Authentication Profile dialog box.
  5. In the Authentication Profile dialog box, enter values for the following:

    Profile Name

    Name you assign to this authentication profile. For example, you could assign a name such as QATeam or DevTeam.

    Application Server

    Name or IP address (IPv4 or IPv6) of the Application Server to which the client should connect.

    Note: If you specify an IPv6 address, enclose the server address in square brackets. For example, [2001:db8::1:2].

    Authentication Port

    Port to which the client should connect to the Authentication Service. The same port is used for all TrueSight Server Automation authentication mechanisms.

    Authentication Method

    The authentication mechanism for this authentication profile. Specify the mechanism by performing one of the following actions:

    • Select Secure Remote Password.
    • Select AD/Kerberos Single Sign-on.
    • Select Domain Authentication.
    • Select LDAP.
      Optionally, for Distinguished Name Template, enter the name of a distinguished name template used to identify LDAP users. This is not necessary if you activated the Enhanced LDAP Authentication feature that enables the use of a shorter user name (rather than the full distinguished name) during authentication. For more information about distinguished name templates and about Enhanced LDAP Authentication, see Implementing LDAP authentication.
    • Select RSA SecurID Authentication.
    • Select Public Key Infrastructure Authentication.
  6. Click OK.
Was this page helpful? Yes No Submitting... Thank you

Comments