Service principal name attributes for HCP

When you enable AD support in HCP, HCP creates a service principal name (SPN) attribute on the HCP computer account in AD. The SPN attribute initially has attributes for:

The System Management Console

The default tenant if it already exists

Each node in the HCP system

Subsequently, attributes are added for:

Each tenant that supports AD authentication

Each namespace that has both the HTTP protocol and AD single sign-on enabled

The default tenant if support for AD is already enabled when the tenant is created

Each node added to the HCP system

Each item for which an attribute is created on the SPN is referred to as a single sign-on location. If any of the above single sign-on locations is removed from the system, the attribute for that location is removed from the SPN attribute on the HCP computer account in AD.

AD has a size limit on attributes that applies to the SPN attribute. Any system-level operation in HCP that would cause this limit to be exceeded fails with a message indicating that the failure is related to the number of single sign-on locations. Any tenant-level operation that would cause this limit to be exceeded fails with a message indicating that single sign-on cannot be enabled.
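Because values are added to and removed from the SPN attribute as single sign-on locations change, an administrator may want to inventory the attribute and notice changes and growth. The PowerShell below is an added example, not HCP or Hitachi code. It assumes the RSAT ActiveDirectory module is installed; the account name HCP-SYSTEM, the baseline file path and the warning threshold are placeholders to be set per site.

```powershell
# Added example, not HCP code. Assumes the RSAT ActiveDirectory module.
param(
    [string]$ComputerName = 'HCP-SYSTEM',              # placeholder: HCP computer account name
    [string]$BaselinePath = '.\hcp-spn-baseline.txt',  # placeholder: saved copy of known values
    [int]$WarnAtCount = 0                              # site-chosen threshold; 0 disables the check
)
Import-Module ActiveDirectory

# Read the multi-valued servicePrincipalName attribute from the computer account.
$account = Get-ADComputer -Identity $ComputerName -Properties servicePrincipalName, whenChanged
$spns = @($account.servicePrincipalName | Sort-Object)

# One row per value, split into service class and host.
$rows = foreach ($spn in $spns) {
    $class, $rest = $spn -split '/', 2
    [pscustomobject]@{
        ServiceClass = $class
        Host         = ("$rest" -split '[:/]', 2)[0]
        Length       = $spn.Length
        SPN          = $spn
    }
}
$rows | Format-Table ServiceClass, Host, Length -AutoSize | Out-Host

# Count and total size are the figures that grow with tenants, namespaces and nodes.
[pscustomobject]@{
    Account            = $account.DistinguishedName
    AccountLastChanged = $account.whenChanged   # any change to the object, not only SPNs
    SpnCount           = $spns.Count
    TotalChars         = ($rows | Measure-Object -Property Length -Sum).Sum
} | Format-List | Out-Host

if ($WarnAtCount -gt 0 -and $spns.Count -ge $WarnAtCount) {
    Write-Warning "$($spns.Count) SPN values on $ComputerName (threshold $WarnAtCount)"
}

# Compare with the saved baseline so unexpected additions or removals stand out.
if (Test-Path -LiteralPath $BaselinePath) {
    $known = @(Get-Content -LiteralPath $BaselinePath)
    $spns  | Where-Object { $_ -notin $known } |
        ForEach-Object { Write-Warning "Added since baseline: $_" }
    $known | Where-Object { $_ -notin $spns } |
        ForEach-Object { Write-Warning "Removed since baseline: $_" }
} else {
    $spns | Set-Content -LiteralPath $BaselinePath   # first run: record current values
}
```

The baseline file is written only on the first run; replace it after a change has been reviewed and accepted.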


© 2016 Hitachi Data Systems Corporation. All rights reserved.