Setting override locations for client SSO files


The BMC Server Automation system of single sign-on stores SSO user information in the following files:

Each of these SSO files resides at a default location. If necessary, you can instruct a client application to use a file in a different location. The following sections explain how to override locations for SSO files for the different BMC Server Automation client applications:

Authentication profile file

Authentication profiles are collections of information that a BMC Server Automation client application needs to log into the BMC Server Automation Authentication Service. All authentication profiles are stored within a single XML file. Within that file each authentication profile must have a unique name. By default, that XML file resides at <installDirectory>/br/authenticationProfiles.xml.

To create the authenticationProfiles.xml file, you can use the BMC Server Automation Console to generate authentication profiles in their default location (see Setting up an authentication profile), or you can copy the authenticationProfiles.xml file from a client machine where the console is installed and authentication profiles have already been created.

BMC BladeLogic Decision Support for Server Automation does not need an authentication profile to authenticate users.

Session credential cache file

When an Authentication Service authenticates a user, it issues a session credential. BMC Server Automation clients use session credentials to establish secure sessions with Application Servers and Network Shell proxy servers. BMC Server Automation Console users can choose to cache session credentials. When authenticating with the blcred utility, session credentials are automatically cached.

A standard BMC Server Automation installation uses a default location for caching session credentials, as described below.

Trusted keystore

When a BMC Server Automation client first accesses a middle tier entity (by necessity, the Authentication Service) to authenticate and obtain an SSO credential, the client establishes a TLS connection with that entity. In the course of the TLS handshake, the client is presented with the Authentication Server's self-signed X.509 certificate. The user is asked to trust the certificate. If the user does, the certificate is added to the client's list of trusted certificates. This list, which is known as a keystore, resides in a default location, as described below:

SSO file locations for BLCLI

To specify alternative locations for SSO files used by the BLCLI, you can either provide command line arguments or define environment variables. A location provided in a command line option takes precedence over a location provided with an environment variable. The following table identifies SSO file locations you can specify for BLCLI and the mechanisms available to provide that information. 

 

| SSO File | Mechanisms to identify location | Precedence |
|---|---|---|
| SSO session credentials | command line option: -f <credentialCacheFileName> | Takes precedence over environment variable |
| | environment variable: BL_SSO_CRED_CACHE_FILE | |
| Authentication profile definitions | command line option: -w <authenticationProfilesFile> | Takes precedence over environment variable |
| | environment variable: BL_AUTH_PROFILES_FILE | |
| Keystore for trusted X.509 certificates | command line option: -x <certificateStore> | Takes precedence over environment variable |
| | environment variable: BL_SSO_TRUSTED_CERT_KEYSTORE_FILE | |


 For more information about using command line options in BLCLI, see the BLCLI Help. For more information about setting environment variables, see Environment variables.
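
The following shell functions are an added example, not part of the BMC documentation. They resolve the effective BLCLI location for each SSO file using the precedence above (command line option value over environment variable) and check the file's permissions. The permission policy (no group or other access to the credential cache, no group or other write access to the profiles file and keystore), the function names, and the positional arguments standing in for the -f, -w and -x values are assumptions; files left at their default locations are not checked.

```shell
#!/bin/sh
# Added example: audit the SSO file locations a BLCLI invocation would use.
# Variable names are from the table above; the permission policy is an assumption.

# BLCLI precedence: a command line option value ($1) wins over the
# environment variable value ($2). Prints an empty line if neither is set.
effective_location() {
    if [ -n "$1" ]; then printf '%s\n' "$1"; else printf '%s\n' "$2"; fi
}

# Print the nine permission characters of a file, for example rw-------.
perm_string() {
    ls -ldL -- "$1" | cut -c2-10
}

# audit_file <label> <path> <kind>
#   kind=secret: group and other must have no access (credential cache)
#   kind=trust:  group and other must not have write access
# Returns 0 if acceptable, 1 if too permissive, 2 if the file is missing.
audit_file() {
    if [ ! -f "$2" ]; then echo "MISSING $1: $2"; return 2; fi
    perms=$(perm_string "$2")
    group_other=$(printf '%s' "$perms" | cut -c4-9)
    case $3 in
        secret) bad='*[rwxsStT]*' ;;
        *)      bad='*w*' ;;
    esac
    case $group_other in
        $bad) echo "WEAK    $1: $2 ($perms)"; return 1 ;;
    esac
    echo "OK      $1: $2 ($perms)"
}

# audit_blcli_sso <-f value> <-w value> <-x value>; pass "" for an unused option.
audit_blcli_sso() {
    rc=0
    cred=$(effective_location "$1" "$BL_SSO_CRED_CACHE_FILE")
    prof=$(effective_location "$2" "$BL_AUTH_PROFILES_FILE")
    keys=$(effective_location "$3" "$BL_SSO_TRUSTED_CERT_KEYSTORE_FILE")
    [ -z "$cred" ] || audit_file "session credential cache" "$cred" secret || rc=1
    [ -z "$prof" ] || audit_file "authentication profiles" "$prof" trust || rc=1
    [ -z "$keys" ] || audit_file "trusted keystore" "$keys" trust || rc=1
    return $rc
}
```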

Setting SSO file locations for Network Shell

To specify alternative locations for SSO files used by Network Shell operating in proxy mode, you can define environment variables or make settings in the client's secure file. A location provided in an environment variable takes precedence over a secure file setting. The following table identifies SSO file locations you can specify and the mechanisms available to provide that information. 

 

| SSO File | Mechanisms to identify location | Precedence |
|---|---|---|
| SSO session credentials | environment variable: BL_SSO_CRED_CACHE_FILE | |
| Authentication profile definitions | environment variable: BL_AUTH_PROFILES_FILE | Takes precedence over secure file setting |
| | secure file setting: auth_profiles_file | |
| Keystore for trusted X.509 certificates | environment variable: BL_SSO_TRUSTED_CERT_KEYSTORE_FILE | |


For more information about defining settings in the secure file, see Secure file overview. For more information about setting environment variables, see Environment variables.

 
