Managing the Authentication Service

The Authentication Service is a program implemented within a TrueSight Server Automation Authentication Server that is responsible for authenticating users and issuing session credentials.

In TrueSight Server Automation, the Authentication Server is always part of an Application Server when the Application Server type is set to CONFIGURATION or ALL. For TrueSight Server Automation - Data Warehouse, the Authentication Server stands alone and is not associated with any particular Application Server.

A default installation of TrueSight Server Automation - Data Warehouse sets up a stand-alone Authentication Service, called BMC SARA Authentication (Windows) and blauthservice (UNIX). This service authenticates users associated with multiple Application Servers. When a user successfully authenticates, the Authentication Service for reports issues single sign-on (SSO) credentials to the user.

When starting and stopping the Authentication Service, you need the service name, which depends on the operating system.

• On UNIX computers, the Authentication Service name is blauthservice.
• On Microsoft Windows computers, the Authentication Service name is BMC SARA Authentication.

Unlike other TrueSight Server Automation applications, TrueSight Server Automation - Data Warehouse must be able to refresh the SSO credentials for you so that you can run recurring reporting jobs even after the current session ends. The following topics describes how to stop, start, and restart the TrueSight Server Automation Authentication Service for reports:

• • To start the Authentication Service
  • To stop the Authentication Service
  • To restart the Authentication Service
  • To enable credential refreshing

To start the Authentication Service

This topic provides instructions for starting the Authentication Service for reports. Use the procedure for your OS type.

For Unix operating system, perform the following steps:

1. Navigate to the <TSSA-DWInstallationDirectory>/br directory.

2. Type the following command:

   ./blauthservice start

For Windows operating system, perform the following steps:

1. From a command prompt, type the following command:

   services.msc
2. In the Services window, select BMC SARA Authentication and then click Start.

To stop the Authentication Service

This topic provides instructions for stopping the Authentication Service for reports. Use the procedure for your OS type.

For Unix operating system, perform the following steps:

1. Navigate to the <TSSA-DWInstallationDirectory>/br directory.

2. Type the following command:

   ./blauthservice stop

For Windows operating system, perform the following steps:

1. From a command prompt, type the following command:

   services.msc
2. In the Services window, select BMC SARA Authentication and then click Stop.

To restart the Authentication Service

This topic provides instructions for restarting the TrueSight Server Automation Authentication Service for reports. Use the procedure for your OS type.

For Unix operating system, perform the following steps:

1. Navigate to the <TSSA-DWInstallationDirectory>/br directory.

2. Type the following command:

   ./blauthservice restart

For Windows operating system, perform the following steps:

1. From a command prompt, type the following command:

   services.msc
2. In the Services window, select BMC SARA Authentication and then click Restart.

To enable credential refreshing

1. On the server where TrueSight Server Automation - Data Warehouse is installed, start the Application Server Administration console (the blasadmin utility).

2. Specify that the SSO credentials issued by the Authentication Service can be refreshed, by entering the following command:

   set AuthServer isSSOCredRefreshEnabled true

   By default, the installation program for TrueSight Server Automation - Data Warehouse sets this value to true.

3. Specify the maximum amount of time a renewable session credentials can be used by entering the following command:

   set AuthServer MaximumSessionCredentialLifetime <#>

   <#> is a value in minutes. By default the installation program for TrueSight Server Automation - Data Warehouse sets this value in minutes that equals six months. 

4. Specify the duration for any session credentials that the Authentication Server issues by entering the following command:

   set AuthServer SessionCredentialLifetime <#>

   <#> is a value in minutes. In a reports context, credentials can be renewed until the MaximumSessionCredentialLifetime value is reached. 

   
   

   Values of MaximumSessionCredentialLifetime and SessionCredentialLifetime are set as follows: 

   
   

   MaximumSessionCredentialLifetime <  SessionCredentialLifetime	SessionCredentialLifetime is set to the same value as MaximumSessionCredentialLifetime
   MaximumSessionCredentialLifetime = 0 or None	MaximumSessionCredentialLifetime is set to the same value as SessionCredentialLifetime.

   
   

   For information about how to set the SessionCredentialLifetime option, see Configuring the Authentication Service in the TrueSight Server Automation documentation.

5. Specify whether session credentials can be refreshed by a host other than the host to which the credentials were originally issued by entering the following command:

   set AuthServer isSsoRefreshHostnameCheckEnabled true

   BMC recommends that you set this option to false only when the server does not have a static IP address.

6. Restart the Authentication Service.