Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Configuring the Authentication Service

The 

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

 Authentication Server is dedicated to authenticating users. In 

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

, the Authentication Server is always part of an Application Server, if the type of the Application Server is set to CONFIGURATION or ALL. For 

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

, the Authentication Server stands alone and is not associated with any particular Application Server.

The Authentication Service is a program implemented within a 

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

Authentication Server that is responsible for authenticating users and issuing session credentials.

A default installation of 

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

sets up a stand-alone Authentication Service, which can authenticate users associated with multiple Application Servers. When a user successfully authenticates, the Authentication Service for reports issues single sign-on (SSO) credentials to the user.

Unlike other 

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

applications, 

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

must be able to refresh the SSO credentials for you so that you can run recurring reporting jobs even after the current session for you ends.

To enable credential refreshing

  1. On the reports server, start the Application Server Administration console (the blasadmin utility).

  2. Specify that the SSO credentials issued by the Authentication Service can be refreshed, by entering the following command:

    set AuthServer isSSOCredRefreshEnabled true

    By default, the installation program for 

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    sets this value to true.

  3. Specify the maximum amount of time a renewable session credentials can be used, by entering the following command:

    set AuthServer MaximumSessionCredentialLifetime <#>

    where <#> is a value in minutes. By default the installation program for 

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    sets this value in minutes that equals six months.

    Another option for the Authentication Server, called SessionCredentialLifetime specifies the duration for any session credentials that the Authentication Server issues. In a reports context, credentials can be renewed until the MaximumSessionCredentialLifetime value is reached. If you set MaximumSessionCredentialLifetime to a value less than SessionCredentialLifetime, the value of SessionCredentialLifetime is automatically set to the same value as MaximumSessionCredentialLifetime. If you do not set a value for MaximumSessionCredentialLifetime or you set it to 0, it automatically receives a value equal to SessionCredentialLifetime. For information about how to set the SessionCredentialLifetime option, see Configuring the Authentication Service in the BMC Server Automation documentation.

  4. Specify whether session credentials can be refreshed by a host other than the host to which the credentials were originally issued by entering the following command:

    set AuthServer isSsoRefreshHostnameCheckEnabled true

    You should set this option to false only when the reports server does not have a static IP address.

  5. Restart the Authentication Server.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*