Author Topic: PCS floating license server and user credentials  (Read 3955 times)

Guillaume

  • EA Practitioner
  • ***
  • Posts: 1348
  • Karma: +42/-2
    • View Profile
    • www.umlchannel.com
PCS floating license server and user credentials
« on: June 07, 2022, 08:04:07 pm »
Hello

I set up a floating server on a Pro Cloud Server so it is available on the HTTPS protocol, instead of the SSKS with the Keystore service.
Based on the tests setting up a user gorup, it seems that users will have to provide a username and password in EA to connect to the server.
Is there a way to make these blank (it works with the keystore) ?

Thanks
Guillaume
Guillaume

Blog: www.umlchannel.com | Free utilities addin: www.eautils.com


Modesto Vega

  • EA Practitioner
  • ***
  • Posts: 1077
  • Karma: +28/-8
    • View Profile
Re: PCS floating license server and user credentials
« Reply #1 on: June 08, 2022, 06:43:00 pm »
Guillaume,

If you are referring to the dialogue appearing when you try to connect to PCS for the first time, a couple of points:
1) This only happens once and should not happen again, unless EA cannot communicate with PCS endpoint.
2) If you are using AD user accounts and groups, it "should" not ask for a user name and a password providing the AD user account belongs to an AD group mapped to PCS group - please see https://sparxsystems.com/enterprise_architect_user_guide/16.0/the_model_repository/pcs_fls_manage_group.html.

Please note the added emphasis. In v4.x, point 2 above worked most of the time with AD user accounts belonging to an AD group mapped to the default group but it did not seem to work for AD user accounts mapped belonging to AD groups mapped to other PCS groups. PCS v4.x has shown some very odd behaviour in this area and we have report it to Sparx Systems.

Guillaume

  • EA Practitioner
  • ***
  • Posts: 1348
  • Karma: +42/-2
    • View Profile
    • www.umlchannel.com
Re: PCS floating license server and user credentials
« Reply #2 on: June 08, 2022, 08:10:25 pm »
Hi Modesto,

Thank you for your reply, however i'm referring to the use of the floating license server installed on a PCS.
When I open the EA license management and add the Shared Key with the server address + port + protocol (https), a User Name + Password must be provided as the PCS Floating license configuration (groups) require credentials to be set.
I was wondering if there was a way to leave it blank since this is possible with the traditional keystore server.


Guillaume

Blog: www.umlchannel.com | Free utilities addin: www.eautils.com


skiwi

  • EA Expert
  • ****
  • Posts: 2080
  • Karma: +46/-82
    • View Profile
Re: PCS floating license server and user credentials
« Reply #3 on: June 09, 2022, 08:39:24 am »
Yes, I came across this and mentioned it obliquely here.
We simply publish the user id and password on our wiki, since obtaining a floating licence does not give you access to the repositories, and we encourage use of the tool.


I did report it to support as follows


1/4/21 7:20 am
is it possible to enable access to the Pro Cloud Server Keystore without requiring either a user id and password?
[image of EA's Shared Keystore Selection dialogue showing User Name and Password fields]

If a user id is mandatory is it possible to not require a password?


Sparx: 1/4/21 7:20 am
Note that the image is for the Keystore. We do recommend that you keep a userid password for this.


6/4/21 5:53 am
My question was about the key server component of PCS (as shown in the image). The old keystore manager did not require a password.
In spite of Sparx recommendation I do not want users to have to supply a user id or password to access the PCS keystore server.
As you note the model security is applied and this is sufficient for our organisation


6/4/21 11:18 am
Let me just say this is unnecessary complexity that it should be possible to opt out of via configuration. Please submit a feature request
Specifically
Please supply an option where the PCS keystore service can be configured to not require a user id or password when accesses from Sparx EA client


Sparx: 7/4/21
Given it is the EA's setting to request a license I have passed this on for further review as issue: 21047404.
We will get back to you.
Orthogonality rules
Using EA16.1 (1627) on Windows 11 Enterprise/64 bit. Repositories in SQLServer2019 DB Schema 1558.
WebEA on Pro Cloud Server 4.2.64

skiwi

  • EA Expert
  • ****
  • Posts: 2080
  • Karma: +46/-82
    • View Profile
Re: PCS floating license server and user credentials
« Reply #4 on: June 09, 2022, 11:45:26 am »
And Sparx Support resupplied me with this


7/4/21
Here is a reply back from the developers:
The legacy keystore had a number of authentication options available, one of which was a simple password (which could be blank) that was used for both administration of the service and for retrieving a license.
 
 Within PCS we have both simplified this and made it more powerful and secure. Now there is one system that allows specifying multiple groups, but those groups can also be bound to an active directory group or OpenID group. Using a linked group would be the only way to prevent a user from needing a group and password, as EA and PCS will determine which groups the user is part of and therefore what entitlements they have automatically.

----
I had a look at these groups but it got too hard, as we didn't have an AD group for all users

Orthogonality rules
Using EA16.1 (1627) on Windows 11 Enterprise/64 bit. Repositories in SQLServer2019 DB Schema 1558.
WebEA on Pro Cloud Server 4.2.64

Guillaume

  • EA Practitioner
  • ***
  • Posts: 1348
  • Karma: +42/-2
    • View Profile
    • www.umlchannel.com
Re: PCS floating license server and user credentials
« Reply #5 on: June 09, 2022, 03:59:28 pm »
Hi swiki,

Thank you for sharing these details. Since blank credentials won't be possible, the workaround will involve creating a short & simple username + password.

Guillaume

Blog: www.umlchannel.com | Free utilities addin: www.eautils.com


Modesto Vega

  • EA Practitioner
  • ***
  • Posts: 1077
  • Karma: +28/-8
    • View Profile
Re: PCS floating license server and user credentials
« Reply #6 on: June 09, 2022, 06:23:11 pm »
Hi Guillaume,

I still cannot picture the problem you are trying to solve. The PCS license store should not ask for credentials each time a user connects to it, if it does there may be a wider problem.

A user name and password is required for maintenance -e.g., requesting, adding, removing, and renewing a PCS license or importing Sparx EA license keys - and, not always, to connect EA to it for the first time.

Guillaume

  • EA Practitioner
  • ***
  • Posts: 1348
  • Karma: +42/-2
    • View Profile
    • www.umlchannel.com
Re: PCS floating license server and user credentials
« Reply #7 on: June 10, 2022, 12:59:50 am »
Hi Modesto,

The credentials are only required once when the user configures EA with the floating license server. So this is indeed a limited issue.
We're planning to move from an SSKS to HTTPS protocol based server so each user will have to change the details. As regard, I'm looking for the easiest process when updating the license server details, based on the fact that the previous KeyStore allows having blank values in the username and password fields (EA > Help > Register & Manage license keys > Add Key > Get Shared Key > Shared Keystore).

Guillaume

Blog: www.umlchannel.com | Free utilities addin: www.eautils.com