yes, look in the bladelogicadminstration.pdf, there's a section on setting up the 'ADK' authentication. the flow is something like this:
client => bladelogic authentication service => ADK authentication => access
=> (or) SRP authentication
Thanks Bill, I'll take a look into it.
Hmm, after looking at the manual, I'm still confused about this. Initially, i'm trying to set this up with our Dev system to make sure it works as expected. Our Dev system users SRP authentication. I've configured the NSH Proxy Server side stuff but can't seem to get it working.
When I launch network shell on my workstation, I get this message...
"SSO Error: Could not find a credential in cache file "C:\documents and settings\\application data\bladelogic\bl_sesscc" that matches the current authentication profile.
Error in initializing RBAC user and rool (SSO proxy)
Network shell can be used for local access"
Actually, just checked in my secure file and whilst messing about trying to get it working, I had changed the profile name, I've just changed it back to what it should be and now when launching NSH i get
SSO Error: Cannot find proxy service URL because no service URLs in the cached
credential matched the current authentication profile
Error in Initializing RBAC User and Role (SSO Proxy)
Network Shell can be used for local access
when you launch the gui you need to check the 'cache credentials' box, or you need to use 'blcred' from the commandline to establish credentials.
I just logged into the Dev system which I've setup an NSH proxy on, and logged in ticking the "Save cached session credentials", but after doing this and launching the Network Shell Client, I'm still getting the exact same message as before.
did you set the ProxySvcPort in the blasadmin settings? is there a load balancer or anything in between the app and the client?
No load balancer or anything, and the ProxySvcPort is set...
bladmin>show appserver proxysvcport
after you authenticate w/ the gui, launch the gui again and view the cached credentials - are you getting the right proxysvc url?
also, what's in your secure file ?
I'm not sure, when I click on Show Credential I see a Target Service URL or...
Not sure about the port 9841 bit at the top... shouldn't that match the proxysvcport?
Nothing is set for the authserver explicitly...
Secure file contains
default:port=4750:protocol=5:tls_mode=encryption_only:auth_profiles_file=/c/Program Files/BladeLogic/OM/br/authenticationProfiles.xml:auth_profile=BL Development B (SRP):appserver_protocol=ssoproxy:encryption=tls:
you might need to put quotes around the profile section since it contains spaces.
I just restarted the AppServer again, and deleted the credential, and then re-logged in selecting to cache the credential again, and it seems to have worked now...
I've now got an additional line when I view the credential...
However it's running incredibly slowly. cd'ing to a server or running an ls command in a directory takes nearly 20 seconds to respond!