When you enable AD support in HCP, HCP creates a service principal name (SPN) attribute on the HCP computer account in AD. The SPN attribute initially has attributes for:
• The System Management Console
• The default tenant if it already exists
• Each node in the HCP system
Subsequently, attributes are added for:
• Each tenant that supports AD authentication
• Each namespace that has both the HTTP protocol and AD single sign-on enabled
• The default tenant if support for AD is already enabled when the tenant is created
• Each node added to the HCP system
Each item for which an attribute is created on the SPN is referred to as a single sign-on location. If any of the above single sign-on locations is removed from the system, the attribute for that location is removed from the SPN attribute on the HCP computer account in AD.
AD has a size limit on attributes that applies to the SPN attribute. Any system-level operation in HCP that would cause this limit to be exceeded fails with a message indicating that the failure is related to the number of single sign-on locations. Any tenant-level operation that would cause this limit to be exceeded fails with a message indicating that single sign-on cannot be enabled.
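To review which single sign-on locations are recorded on the HCP computer account and how large the SPN attribute has grown, the values can be read from AD with the ActiveDirectory PowerShell module. The following is an added example, not HCP tooling or code from this documentation; the account name, the expected host names, and the idea that the host part of each SPN value identifies a location are assumptions to adjust for your environment.

```powershell
# Added example: audit the servicePrincipalName values on the HCP computer account.
# Assumptions (not from the HCP documentation): 'HCP-EXAMPLE' and the names in
# $expectedHosts are placeholders, and the host part of each SPN value is taken
# to identify one single sign-on location.
Import-Module ActiveDirectory

function Get-SpnHost {
    # General SPN syntax is serviceclass/host[:port][/servicename]; return the host.
    param([Parameter(Mandatory)][string]$Spn)
    $parts = $Spn -split '/', 3
    if ($parts.Count -lt 2) { return $null }
    return ($parts[1] -split ':')[0].ToLowerInvariant()
}

function Compare-SpnLocations {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Spns,
        [Parameter(Mandatory)][string[]]$ExpectedHosts
    )
    $expected = $ExpectedHosts | ForEach-Object { $_.ToLowerInvariant() }
    $present  = $Spns | ForEach-Object { Get-SpnHost $_ } |
                Where-Object { $_ } | Sort-Object -Unique
    [pscustomobject]@{
        SpnCount   = $Spns.Count                                          # number of values stored
        TotalChars = ($Spns | Measure-Object -Property Length -Sum).Sum   # rough size indicator
        Missing    = @($expected | Where-Object { $_ -notin $present })   # expected, not registered
        Unexpected = @($present  | Where-Object { $_ -notin $expected })  # registered, not expected
    }
}

# Read the multi-valued attribute from the computer account (placeholder name).
$computer = Get-ADComputer -Identity 'HCP-EXAMPLE' -Properties servicePrincipalName
$spns     = @($computer.servicePrincipalName | Where-Object { $_ })

# Host names you expect to be single sign-on locations (placeholders).
$expectedHosts = @('admin.hcp.example.com', 'tenant1.hcp.example.com')

Compare-SpnLocations -Spns $spns -ExpectedHosts $expectedHosts
```

Entries under Unexpected are worth checking against locations that were removed from HCP, and a steadily growing SpnCount is an early sign that the attribute size limit may be reached.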
© 2016 Hitachi Data Systems Corporation. All rights reserved.