Book a Demo
« previous next »
Pages: [1]

Author Topic: Keystore service with AUTHMETHOD=AM_SSKSGROUP  (Read 6149 times)

Boron

  • EA User
  • **
  • Posts: 111
  • Karma: +6/-0
    • View Profile
Keystore service with AUTHMETHOD=AM_SSKSGROUP
« on: June 17, 2016, 04:32:46 pm »
Hello,

I am experimenting with the keystore service configured to authentication method AUTHMETHOD=AM_SSKSGROUP.
With the configuration seen below I found out the the UserName=g52873 corresponds to the Windows login name. But this way a "group" only consists of one user.
What I would like to have is a group consisting of several users
In our company we have of course no "shared logins", but individual Windows logins.

I would like to have a configuration allowing a list of users to use System Engineering Edition licenses.
Ideally all other users only get Corporate Edition licenses (we only have these two types of licenses in our key store.

Is the AUTHMETHOD=AM_SSKSGROUP the right way to achieve this or is this wrong?

My keystoreService.config file:
Code: [Select]
SERVER_PORT=7770
KEYSTORE_PATH=%SERVICE_PATH%\sskeys.dat
AUTHMETHOD=AM_SSKSGROUP
AUTHMETHOD_OPTIONS=%SERVICE_PATH%\keystoreservice.ssksgroupconfig
My keystoreservice.ssksgroupconfig:
Code: [Select]
GROUP
Name=SysML Users
UserName=g52873
Password=
ENTITLEMENT
Product=RealTimeSuite
Academic=false
END ENTITLEMENT
END GROUP
Logged

Aaron B

  • EA Administrator
  • EA User
  • *****
  • Posts: 941
  • Karma: +18/-0
    • View Profile
Re: Keystore service with AUTHMETHOD=AM_SSKSGROUP
« Reply #1 on: June 21, 2016, 12:50:56 pm »
Individual Windows login names are not relevant when using the AM_SSKSGROUP authentication method.  When using this method, each user must include the name of the group they are authenticating with as part of the keystore address.

We suggest naming your groups more generally.  For example instead of having UserName=g52873, specify it as UserName=sysml.  Any users that require the Systems Engineering edition of EA can then connect to your keystore server using an address like: ssks://mykeystore?user=sysml

Create another group in your ssksgroupconfig file named "corp" (UserName=corp) which has an entitlement for Product=Corporate.  All other users in your scenario would then connect to the keystore using an address like: ssks://mykeystore?user=corp
Logged

Boron

  • EA User
  • **
  • Posts: 111
  • Karma: +6/-0
    • View Profile
Re: Keystore service with AUTHMETHOD=AM_SSKSGROUP
« Reply #2 on: June 21, 2016, 04:56:23 pm »
Hello Aaron,

this is exactly what I was looking for.
My "root problem" was not to know how to add a user name to the keystore server address.

Many thanks for that. This saves us from setting up an additional server (physical or virtual machine) running a second keystore service with only the SysML (System Engineering Edition) licenses.
Logged
Pages: [1]
« previous next »