Is your nsh client configured to use a nsh proxy?
I think it is nsh prompting you for the role, not the blcli.
It is NSH asking for the role, becuase of NSH proxy.
Yes I also wonder if my setup is configured properly to use the NSH PROXY... The secure file on the appserver (which is also the client from where I run the script) is set with the following line:
Is that enough to tell the client to use NSH PROXY?
Yes, I think so, the appserver_protocol=ssoproxy
However it is also recommended to provide authentication profile and profile file xml for it to work on NSH clients.
In your case, appserver_protocol=ssoproxy -> this is what is causing it
if this is the appserver i would leave it as is and just set the BL_AUTH_PROFILE and BL_AUTH_PROFILE_FILE env vars (or whatever they are) if you need to run at the cmd line.
I tried to set the BL_AUTH_PROFILE_NAME and BL_AUTH_PROFILES_FILE variables and it works. I will check and update all my appserver accordingly.
Thanks for your help and advice.
U mentionned it will be better to set the environment variable instead of changing the secure file on the appserver. Does it mean that the Env variables will impact the server as a whole (for all profiles and for NSH initiated from DOS command prompt, "NSH Here" or NSH Console) while the secure will only impact a certain profile?
those two env vars are used when nsh is configured to talk to a nsh proxy. i believe you can also set BL_RBAC_ROLE and that will avoid the prompt.
on the appserver you only need the 'appserver_protocl=ssoproxy'. you shouldn't be using your appserver as a gui machine so there shouldn't be an authprofile on there anyway . i think the appserver will still startup correctly if you put in the profile but it's not needed.
actually, since 8.0.10 and 8.1.02 you don't need to set the profile in the secure file on the client either as long as you only use NSH Here and don't launch nsh from the commandline. the gui now passes down the profile/creds to the nsh windows from custom commands. so you can connect to different nsh proxies w/o having to flip the secure file around.