Service principal name attributes for HCP
When you enable Active Directory (AD) support in HCP, HCP adds values to the service principal name (SPN) attribute of the HCP computer account in AD.
Initially, HCP adds values to the SPN attribute of the computer account in AD for:
- System Management Console
- Default tenant
- Search Console
- Each node in the HCP system
Subsequently, values are added for:
- Each tenant that supports AD authentication
- Each namespace that has both the HTTP protocol and AD single sign-on enabled
- Each node added to the HCP system
Each object for which an SPN value is created is referred to as a single sign-on location. If a single sign-on location for a tenant, namespace, or node is removed from the system, the value for that location is removed from the SPN attribute of the HCP computer account in AD.
AD has a size limit on attribute values that applies to the SPN attribute. Any system-level operation in HCP that causes this limit to be exceeded fails with a message indicating that the failure is related to the number of single sign-on locations. Any tenant-level operation that causes this limit to be exceeded fails with a message indicating that single sign-on cannot be enabled.
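One way to see how many SPN values the HCP computer account carries and which hosts they cover is sketched below. This is an added example, not HCP or Hitachi code. The function name, the `-ExpectedHost` list, the warning threshold, the sample SPN strings and the `HCP-ACCOUNT` account name are all assumptions.

```powershell
# Added example, not HCP code. Summarizes the SPN values on one computer account.
function Get-SpnInventory {
    param(
        [Parameter(Mandatory)][string[]]$Spn,
        # Assumed: host names you expect to be single sign-on locations.
        [string[]]$ExpectedHost = @(),
        # Assumed alert threshold; the page does not give the AD limit.
        [int]$WarnAtCount = 500
    )
    $parsed = foreach ($value in $Spn) {
        # SPN syntax: serviceclass/host[:port][/servicename]
        $class, $rest = $value -split '/', 2
        if (-not $rest) { Write-Warning "Skipping malformed SPN: $value"; continue }
        [pscustomobject]@{
            ServiceClass = $class
            HostName     = ($rest -split '[:/]', 2)[0].ToLower()
            Spn          = $value
        }
    }
    $hosts    = @($parsed.HostName | Sort-Object -Unique)
    $expected = @($ExpectedHost | ForEach-Object { $_.ToLower() })
    [pscustomobject]@{
        Count      = @($parsed).Count
        TotalChars = ($Spn | Measure-Object -Property Length -Sum).Sum
        ByHost     = @($parsed | Group-Object HostName | Select-Object Name, Count)
        # In AD but not expected (only meaningful when -ExpectedHost is given):
        # candidates for a single sign-on location that was removed.
        Unexpected = @($hosts | Where-Object { $_ -notin $expected })
        # Expected but no SPN value registered for the host.
        Missing    = @($expected | Where-Object { $_ -notin $hosts })
        NearLimit  = @($parsed).Count -ge $WarnAtCount
    }
}

# Constructed sample values; the exact SPN strings HCP writes are not shown on the page.
$sample = 'HTTP/admin.hcp.example.com', 'HTTP/default.hcp.example.com',
          'HTTP/search.hcp.example.com', 'HTTP/node1.hcp.example.com',
          'HTTP/finance.hcp.example.com'
Get-SpnInventory -Spn $sample -ExpectedHost 'admin.hcp.example.com',
    'default.hcp.example.com', 'search.hcp.example.com',
    'node1.hcp.example.com', 'hr.hcp.example.com'

# Against live AD (ActiveDirectory module; 'HCP-ACCOUNT' is a placeholder name):
# $c = Get-ADComputer -Identity 'HCP-ACCOUNT' -Properties servicePrincipalName
# Get-SpnInventory -Spn $c.servicePrincipalName
```

Tracking `Count` and `TotalChars` over time shows how quickly new tenants, namespaces and nodes are consuming the attribute before an operation fails on the limit.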