Configure On-Premise License Manager
How to open the Settings dialog
Open the On-Premise Licensing Portal in your browser, and log in with the system administrator user name and password that you specified during the License Server installation.
On the On-Premise Licensing Portal, click
Configure Settings at the top right:
The Settings dialog box will appear:
Note
To open the On-Premise License Server in your browser, use: license-server-address:port, for example, localhost:40892.
General
The General tab (pictured above) has only one setting – Access for everyone. If this is set to on, the License Server is configured as follows:
It gives a license seat to any user registered in your network domain, for all licensed products
License admins do not need to assign licenses to users in the Licensing Portal
License admins cannot revoke a license from a given user
Users don’t need to enter their credentials to get a license seat
All users appear as anonymous.user in the Licensing Portal
LDAP
Settings on the LDAP tab (pictured below) specify the LDAP provider to which the On-Premise License Server connects to get information on user accounts. By configuring LDAP:
License administrators can assign license seats to users by users’ distinguished names ("User DN")
License users enter their User DN and password to take up a license seat
Your teammates can log in to the Licensing Portal by using their User DNs and passwords
 |
Your network administrator can help you specify the values requested in these fields. Here are definitions for them:
Field | Definition |
|---|---|
URL | LDAP server URL |
User DN | User Distinguished Name: The user account used for the "Bind and Search" operation against your LDAP domain – often the login email address |
Password | The password for the User DN LDAP Account – often the login password |
Base | The LDAP Search Base for all License Management users. Any user attempting to log in must be inside the base search. |
User Group DN | User Group Distinguished Name: The Fully Qualified Distinguished Name (FQDN) of an LDAP security group. Users must be a member of this group in order to log in to an ID-based SmartBear product. |
The License Server implements standard LDAP algorithms and should be able to work with any Windows and Linux LDAP providers.
Click Test to check the connection to your LDAP provider. If the connection fails, double-check the settings and check again. Save the changes when you are done.
Configure LDAPS
LDAPS is configured by adding the CA certificate to the application's trusted store. Find out about requesting a CA certificate in our Certificates section, then follow these steps:
Locate file
slm_service.vmoptionsin the License Management installation folder:Windows:
C:\Program Files\SmartBear\LicenseManager\binLinux:
/opt/SmartBear/LicenseManager/bin
Open it in a text editor and add in the following parameters:
1. -Djavax.net.ssl.trustStoreType=PKCS12 2. -Djavax.net.ssl.trustStore=ca_certificate_file.p12 3. -Djavax.net.ssl.trustStorePassword=<password>
Kerberos
If you have a Kerberos server in your network, you can configure settings on the Kerberos tab (see below) to make the On-Premise License Server authenticate users through your Kerberos server. In this case, users will not need to specify their credentials every time they start a SmartBear product.
Ask your network administrator for assistance with specifying these settings’ values.
 |
Click the image to enlarge it.
Click Test to check if the settings are valid. If an error occurs, double-check the settings and try again. Save the changes when you are done.
How settings affect user authentication
The License Server settings specify how the Server gets information on user accounts in your network, and how it authenticates users. The following table provides a brief overview of the setting effect:
Settings | Required | License admin needs to assign licenses to users on On-Premise Licensing Portal | Users need to enter their credentials on product start |
|---|---|---|---|
LDAP | Required | Yes | Yes |
Kerberos | Optional | Yes | No |
Allow for everyone | Optional | No | No |
Save or discard changes
The Save button on a page remains disabled until you change some settings on this page.
The button saves the changes made to this page only.
After you change a setting on some page, the dialog displays the Discard Changes button (initially, the button is hidden). Click it to discard all the changes made to the settings on this page.
About HTTPS
The basic SmartBear On-Premise License Server installation configures the server to handle requests over standard HTTP. In many environments, this is sufficient as the network is trusted. However, some organizations require that all network applications be secured with Transport Layer Security (TLS) or Secure Sockets Layer (SSL).
SmartBear On-Premise License Server supports HTTP over TLS (or HTTPS), but this requires additional manual server configuration. Additionally, you may enable the redirection from HTTP to HTTPS and enable the HTTP Strict Transport Security (HSTS) policy mechanism.
Configure for HTTPS
Follow the below set-up steps. They are for Windows – Linux is similar. Open a ticket with Support if you need assistance:
Acquire a certificate
To authenticate to clients, the On-Premise License Server must have a certificate that serves as proof of identity. Certificates come in two forms: Certificate Authority (CA) signed certificates and self-signed certificates.
Option 1: CA-signed certificate
CA-signed certificates provide an additional level of security because they can be automatically verified and do not rely on human verification. By providing you a certificate, the certificate authority is vouching for your identity. Software systems such as web browsers and the Java Runtime Environment (JRE) include the public keys of the trusted certificate authorities that are used to verify server certificates were vouched for by a trusted CA.
To acquire an SSL CA-signed certificate, contact the appropriate person in your IT department, requesting a Subject Alternative Name (SAN) extension that matches the DNS hostname.Option 2: Self-signed certificate
Self-signed certificates have the advantage of being free and easy to generate. Their disadvantage is that they are not automatically trusted by the products and you have to import them to your browser/system to make a trusted connection.
To acquire a self-signed certificate, use the following commands:Note
Adjust your domain name in the subjectAltName field below.
openssl req -x509 -sha256 -newkey rsa:2048 -keyout slm.key -out slm.crt -addext “subjectAltName = DNS:slm.enterprise” -days 365 openssl pkcs12 -export -in slm.crt -inkey slm.key -out slm.enterprise.p12
Open the folder where License Management is installed:
Copy the certificate file
slm.enterprise.p12to folderSmartbear/LicenseManager/cert.Open
Smartbear/LicenseManager/bin/slm_service.vmoptionsfile and add following entries:-Dserver.port=443 -Dserver.ssl.enabled=true -Dserver.ssl.key-store-type=PKCS12 -Dserver.ssl.key-store=../cert/slm.enterprise.p12 -Dserver.ssl.key-store-password=certificate_store_password # optional if certificate_store is not secured by password
Restart SLM License Manager service:
Next steps
After installing and configuring the On-Premise License Server, you can add licenses to it and assign them to users in your network. See Add Licenses and Assign Licenses to Users.