Configure On-Premise License Manager

How to open the Settings dialog

  1. Open the On-Premise Licensing Portal in your browser, and log in with the system administrator user name and password that you specified during the License Server installation.

  2. On the On-Premise Licensing Portal, click settings-b.png Configure Settings at the top right:

    Opening the On-Premise License Server settings

    The Settings dialog box will appear:

    The General tab of the Settings dialog box


To open the On-Premise License Server in your browser, use: license-server-address:port, for example, localhost:40892.


The General tab (pictured above) has only one setting – Access for everyone. If this is set to on, the License Server is configured as follows:

  • It gives a license seat to any user registered in your network domain, for all licensed products

  • License admins do not need to assign licenses to users in the Licensing Portal

  • License admins cannot revoke a license from a given user

  • Users don’t need to enter their credentials to get a license seat

  • All users appear as anonymous.user in the Licensing Portal


Settings on the LDAP tab (pictured below) specify the LDAP provider to which the On-Premise License Server connects to get information on user accounts. By configuring LDAP:

  • License administrators can assign license seats to users by users’ distinguished names ("User DN")

  • License users enter their User DN and password to take up a license seat

  • Your teammates can log in to the Licensing Portal by using their User DNs and passwords

The LDAP Settings dialog box

Your network administrator can help you specify the values requested in these fields. Here are definitions for them:




LDAP server URL

User DN

User Distinguished Name: The user account used for the "Bind and Search" operation against your LDAP domain – often the login email address


The password for the User DN LDAP Account – often the login password


The LDAP Search Base for all License Management users. Any user attempting to log in must be inside the base search.

User Group DN

User Group Distinguished Name: The Fully Qualified Distinguished Name (FQDN) of an LDAP security group. Users must be a member of this group in order to log in to an ID-based SmartBear product.

The License Server implements standard LDAP algorithms and should be able to work with any Windows and Linux LDAP providers.

Click Test to check the connection to your LDAP provider. If the connection fails, double-check the settings and check again. Save the changes when you are done.

Configure LDAPS

LDAPS is configured by adding the CA certificate to the application's trusted store. Find out about requesting a CA certificate in our Certificates section, then follow these steps:

  1. Locate file slm_service.vmoptions in the License Management installation folder:

    • Windows:C:\Program Files\SmartBear\LicenseManager\bin

    • Linux:/opt/SmartBear/LicenseManager/bin

  2. Open it in a text editor and add in the following parameters:



If you have a Kerberos server in your network, you can configure settings on the Kerberos tab (see below) to make the On-Premise License Server authenticate users through your Kerberos server. In this case, users will not need to specify their credentials every time they start a SmartBear product.

Ask your network administrator for assistance with specifying these settings’ values.

The Kerberos settings dialog box

Click the image to enlarge it.

Click Test to check if the settings are valid. If an error occurs, double-check the settings and try again. Save the changes when you are done.

How settings affect user authentication

The License Server settings specify how the Server gets information on user accounts in your network, and how it authenticates users. The following table provides a brief overview of the setting effect:



License admin needs to

assign licenses to users on

On-Premise Licensing Portal

Users need to enter

their credentials on

product start









Allow for everyone




Save or discard changes

  • The Save button on a page remains disabled until you change some settings on this page.

    The button saves the changes made to this page only.

  • After you change a setting on some page, the dialog displays the Discard Changes button (initially, the button is hidden). Click it to discard all the changes made to the settings on this page.


The basic SmartBear On-Premise License Server installation configures the server to handle requests over standard HTTP. In many environments, this is sufficient as the network is trusted. However, some organizations require that all network applications be secured with Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

SmartBear On-Premise License Server supports HTTP over TLS (or HTTPS), but this requires additional manual server configuration. Additionally, you may enable the redirection from HTTP to HTTPS and enable the HTTP Strict Transport Security (HSTS) policy mechanism.

Configure for HTTPS

Follow the below set-up steps. They are for Windows – Linux is similar. Open a ticket with Support if you need assistance:

  1. Acquire a certificate

    To authenticate to clients, the On-Premise License Server must have a certificate that serves as proof of identity. Certificates come in two forms: Certificate Authority (CA) signed certificates and self-signed certificates.

    Option 1: CA-signed certificate

    CA-signed certificates provide an additional level of security because they can be automatically verified and do not rely on human verification. By providing you a certificate, the certificate authority is vouching for your identity. Software systems such as web browsers and the Java Runtime Environment (JRE) include the public keys of the trusted certificate authorities that are used to verify server certificates were vouched for by a trusted CA.

    go.gifTo acquire an SSL CA-signed certificate, contact the appropriate person in your IT department, requesting a Subject Alternative Name (SAN) extension that matches the DNS hostname.

    Option 2: Self-signed certificate

    Self-signed certificates have the advantage of being free and easy to generate. Their disadvantage is that they are not automatically trusted by the products and you have to import them to your browser/system to make a trusted connection.

    go.gifTo acquire a self-signed certificate, use the following commands:


    Adjust your domain name in the subjectAltName field below.

    openssl req -x509 -sha256 -newkey rsa:2048 -keyout slm.key -out slm.crt -addext “subjectAltName = DNS:slm.enterprise” -days 365
    openssl pkcs12 -export -in slm.crt -inkey slm.key -out slm.enterprise.p12
  2. Open the folder where License Management is installed:

    License Management install folder
  3. Copy the certificate file slm.enterprise.p12 to folder Smartbear/LicenseManager/cert.

  4. Open Smartbear/LicenseManager/bin/slm_service.vmoptions file and add following entries:

    -Dserver.ssl.key-store-password=certificate_store_password # optional if certificate_store is not secured by password
  5. Restart SLM License Manager service:

    License Management restart

Next steps

After installing and configuring the On-Premise License Server, you can add licenses to it and assign them to users in your network. See Add Licenses and Assign Licenses to Users.

See Also

Publication date: