9 Replies Latest reply on Oct 19, 2012 10:15 AM by Gurneet Singh Chopra

    Problem in configuring NSH Proxy Server

    Gurneet Singh Chopra

      Hi,

       

      I am trying to configure NSH Proxy Server on my Bladelogic Application Server itself.

       

      Please find the user file contents below:

       

      secure:

       

       

       

      default:port=4750:protocol=5:tls_mode=encryption_only:appserver_protocol=ssoproxy:encryption=tls:

      rscd:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls:

       

       

       

       

       

      Please find the blcred cred -list output below:

       

       

      Username:         BLAdmin
      Authentication:   SRP
      Issuing Service:  service:authsvc.bladelogic:blauth://ukmwwemtblg05.emeatst.aztst.net:9840
      Expiration Time:  Fri Oct 19 21:58:53 BST 2012
      Maximum Lifetime: Fri Oct 19 21:58:53 BST 2012
      Client address:   156.71.168.196
      Authorized Roles:
          BLAdmins

      Destination URLs:
          service:appsvc.bladelogic:blsess://ukmwwemtblg05.emeatst.aztst.net:9841
          service:proxysvc.bladelogic:blsess://ukmwwemtblg05.emeatst.aztst.net:9842

       

       

      ProxySvcPort is configured to 9842 rightly. However, I am still facing SSO Error while I do nsh on my local Bladelogic Application Server.

       

      SSO Error: Cannot find proxy service URL because no service URLs in the cached credential matched the current authentication profile
      Error in Initializing RBAC User and Role (SSO Proxy)
      Network Shell can be used for local access

       

      Please suggest.

       

      Thanks,

       

      Gurneet

        • 1. Re: Problem in configuring NSH Proxy Server
          Gurneet Singh Chopra

          Here is the problem output I am facing:

           

          ukmwwemtblg05% blcred cred -destroy

          ukmwwemtblg05% blcred cred -acquire

          profile name: defaultProfile

          username: BLAdmin

          password:

          Authentication succeeded: acquired session credential

          ukmwwemtblg05% nsh

          SSO Error: No authentication profile has been successfully loaded. Single Sign-On connections require a valid authentication profile.

          Error in Initializing RBAC User and Role (SSO Proxy)

          Network Shell can be used for local access

          • 3. Re: Problem in configuring NSH Proxy Server
            Gurneet Singh Chopra

            Hello Kedar,

             

            As per the article, I have already set the ProxySvcPort rightly. Still facing this issue.

             

            -Gurneet

            • 4. Re: Problem in configuring NSH Proxy Server

              These are probably the same steps that were followed already, but revisit them all again. This works for me:

               

              1. Setup the appserver to accept NSH Proxy Requests
              blasadmin set AuthServer ProxyServiceURLs service:proxysvc.bladelogic:blsess://[appserver_fqdn]:9842
              blasadmin set appserver ProxySvcPort 9842
              Restart the appserver.

               

              2. Setup the secure file on the client system.

              This is all one line:
              default:protocol=5:auth_profile=defaultProfile:auth_profiles_file=/c/Program Files/<path_to>/authenticationProfiles.xml:appserver_protocol=ssoproxy:tls_mode=encryption_only:encryption=tls

               

              3. Create authentication profile on the client system and acquire credentials

              # blcred authprofile -add
              new profile name: defaultProfile
              authentication server [host:port]: <appserver_hostname>:9840
              authentication type [srp|adk|domainauth|ldap|securid]: SRP

               

              # blcred cred -acquire
              profile name: defaultProfile
              username: BLAdmin
              password:
              Authentication succeeded: acquired session credential

               

              ---------------------

              4. Test

              # nsh
              Pick Role:
              1. RBACAdmins
              2. BLAdmins
              2
              client%

               

              Done.

              • 5. Re: Problem in configuring NSH Proxy Server
                Gurneet Singh Chopra

                Hello Lazar,

                 

                I have already completed the first two steps. After those, I am trying to do nsh on my localhost and not a client machine as of now.

                 

                On localhost also, I am not able to do nsh and am facing the same SSO error.

                 

                Thanks,

                Gurneet

                • 6. Re: Problem in configuring NSH Proxy Server

                  Hey Gurneet, your Appserver and Console are on the same machine? Invoke nsh on the rcp client machine.

                   

                  NSH through NSH Proxy

                   

                  Configuring appserver to act as an NSH Proxy also:

                  This will start NSH proxy service in default deployment of an appserver on port 9842.

                  1. Login to appserver machine that has appserver installed and running correctly

                  2. Run the command "blasadmin set app proxy 9842"

                  3. Restart appserver. This will start the nsh proxy service on the machine in the default deployment. Confirm it by running nsh command "netstat -an | grep -i 9842".

                  4. Now configure the nsh client (any machine where you are going to invoke nsh including appserver machine). To do that, first create an authentication profile on client machine using the blcred command or UI.

                  blcred authprofile -add -profile <profile name> -host <appservermachinename>:9840 -type srp

                  5. Open …/rsc/secure file and append "appserver_protocol=ssoproxy:auth_profile=<profile name>" to the "default" line in the secure file. Make sure there are no spaces in the line.

                  6. Acquire credentials using this profile,

                  "blcred cred -acquire -profile <profile name> -username <username> -password <user’s password>"

                  7. Invoke nsh and it should route through nsh proxy. Confirm in appserver log that you see messages with [BLSSOPROXY]

                  • 7. Re: Problem in configuring NSH Proxy Server
                    Gurneet Singh Chopra

                    Hello D Verma,

                     

                    Yes, my NSH Proxy Server, BL Application Server and NSHPROXYSERVER are on the same host and I am trying to invoke nsh on the same single server.

                     

                    Before I proceed to NSH Client/Client console machine, I wanted to do nsh on the BL Application Server (NSHPROXYSERVER) itself. However, I am facing the SSO error.

                     

                    Thanks,

                     

                    Gurneet

                    • 8. Re: Problem in configuring NSH Proxy Server

                      The problem is in the secure file. You haven't mentioned the authentication profile.

                       

                       

                      Currently you have the below entry:

                      default:port=4750:protocol=5:tls_mode=encryption_only:appserver_protocol=ssoproxy:encryption=tls:

                      rscd:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls:

                       

                       

                      Expected:

                      default:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls:appserver_protocol=ssoproxy:auth_profile=defaultProfile

                      rscd:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls:

                       

                       

                       

                      Now, after that, acquire the credential and invoke nsh.
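
The check described in replies 6 and 8, written out as an added example (not part of the original thread and not BMC tooling): it parses the secure file's `default` entry and the `blcred cred -list` output, and reports a missing `auth_profile` or a missing proxysvc destination URL. The function names are hypothetical, and the sample inputs are constructed from the entries quoted in the thread with a placeholder host name.

```python
def parse_secure(text):
    """Map each secure-file entry name to its key=value fields."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, rest = line.partition(":")
        pairs = (f.partition("=") for f in rest.split(":") if f)
        entries[name] = {key: value for key, _, value in pairs}
    return entries

def destination_urls(cred_list_text):
    """Collect the service URLs listed under 'Destination URLs:'."""
    urls, in_section = [], False
    for line in cred_list_text.splitlines():
        item = line.strip()
        if item == "Destination URLs:":
            in_section = True
        elif in_section and item.startswith("service:"):
            urls.append(item)
        elif in_section and item:
            in_section = False
    return urls

def check_sso_proxy(secure_text, cred_list_text):
    """Return a list of findings; an empty list means both checks passed."""
    default = parse_secure(secure_text).get("default")
    if default is None:
        return ["secure file has no 'default' entry"]
    findings = []
    if default.get("appserver_protocol") != "ssoproxy":
        findings.append("default entry does not set appserver_protocol=ssoproxy")
    elif not default.get("auth_profile"):
        findings.append("default entry has no auth_profile=<profile name>")
    if not any(u.startswith("service:proxysvc.bladelogic:")
               for u in destination_urls(cred_list_text)):
        findings.append("cached credential lists no proxysvc destination URL")
    return findings

# Constructed samples: the "current" and "expected" entries from reply 8.
RSCD = "rscd:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls:\n"
BROKEN = "default:port=4750:protocol=5:tls_mode=encryption_only:appserver_protocol=ssoproxy:encryption=tls:\n" + RSCD
FIXED = "default:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls:appserver_protocol=ssoproxy:auth_profile=defaultProfile\n" + RSCD
CRED = """Username:         BLAdmin
Destination URLs:
    service:appsvc.bladelogic:blsess://appserver.example.net:9841
    service:proxysvc.bladelogic:blsess://appserver.example.net:9842
"""

if __name__ == "__main__":
    print(check_sso_proxy(BROKEN, CRED))
    print(check_sso_proxy(FIXED, CRED))
```
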

                      • 9. Re: Problem in configuring NSH Proxy Server
                        Gurneet Singh Chopra

                        Thank you. It's solved now ☺