Skip to Content

Domain authentication

This topic describes the use of domain authentication.

For domain authentication, users authenticate against Microsoft Active Directory. When a user attempts to authenticate, the reports client asks for a user name, domain, and password and passes that information to the reports server. The reports server relays that information to the Authentication Service, which delegates user authentication to the Active Directory domain controller. The Active Directory registry stores the names and passwords of registered users within its Kerberos realm (in Microsoft Windows, a Kerberos realm is an Active Directory domain.) If the domain controller successfully authenticates the user, the user is authenticated and granted a session credential.

Warning

Notes

  • If you are configuring domain authentication for users in ErrorThe referenced document [xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Smart-Reporting-for-Server-Automation.tssrsa254._inclusionsLibrary.Conrefs.WebHome] was not found. for the first time, you must create domain users (user@domainName) in ErrorThe referenced document [xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Smart-Reporting-for-Server-Automation.tssrsa254._inclusionsLibrary.Conrefs.WebHome] was not found. and run ETL with the rbac.properties file.
  • If you do not create domain users in ErrorThe referenced document [xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Smart-Reporting-for-Server-Automation.tssrsa254._inclusionsLibrary.Conrefs.WebHome] was not found., you cannot log on to ErrorThe referenced document [xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Smart-Reporting-for-Server-Automation.tssrsa254._inclusionsLibrary.Conrefs.WebHome] was not found. by using domain authentication.

To implement domain authentication, you can use the following approaches:

  • The most secure approach instructs the ErrorThe referenced document [xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Smart-Reporting-for-Server-Automation.tssrsa254._inclusionsLibrary.Conrefs.WebHome] was not found. Authentication Server to refresh session credentials by consulting Active Directory. Perform the following procedures:
    1. Registering-an-Authentication-Service-in-an-Active-Directory-domain
    2. Configuring-for-domain-authentication
  • A less secure approach allows the ErrorThe referenced document [xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Smart-Reporting-for-Server-Automation.tssrsa254._inclusionsLibrary.Conrefs.WebHome] was not found. Authentication Server to refresh session credentials without consulting Active Directory. Instead, the Authentication Service only checks that users exist and are enabled in the role-based access control (RBAC) system. This approach requires less configuration. If you want to use this approach, you must perform the procedure described in Configuring-for-domain-authentication.

To preconfigure the domain name values

You do not require to manually enter the parameter value for domain name on the login page of , if you preconfigure the domain name values. To preconfigure the values, perform the following steps:

  1. Open the  generic_configuration.properties file located in the <TSSA-DWInstallationDirectory>/shared/ConfigurationManagement directory.
  2. Look for the DOMAIN_NAME_DETAILS parameter.

  3. Set the values and separate multiple values with semicolons.
    You can use the following example as reference when you configure your own values.

    #Preconfigured domain name(s) for Domain Authentication
    DOMAIN_NAME_DETAILS=abc123.domain;ABC.BMC.COM
  4. Confirm that the values are prepopulated in the dropdown on the login page of .
    image-2023-4-11_17-6-51.png
Warning

Note

You do not have to restart the services ( and Authentication Service) after you modify the generic_configuration.properties file.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

TrueSight Smart Reporting for Server Automation 25.4