User Authentication and Session Management
To start the command line interface, log in to the server with the following command from a command prompt:
iem LOGIN
Three arguments are required, SERVER
, USER
,
and PASSWORD
. Provide these arguments in one of the
following three ways:
- Environment variables
- Use
IEM_SERVER
,IEM_USER
, andIEM_PASSWORD
to specify the values of the arguments. - Command line
- Use
--server
,--user,
and--password
to specify the variables on the command line. - Standard Input
- If any arguments are not provided by either of the first two methods, the CLI utility prompts you to provide them.
If the server uses a self-signed certificate for HTTPS interactions, the utility prompts you to accept or decline the certificate. If you choose to trust it, the certificate is cached and used to validate all future interactions with the server.
The --masthead
command line argument can be used
to specify a local file to trust when communicating with the server,
removing the need for this prompt. The masthead file is copied into
the CLI cache directory and used for all future interactions with
the server.
When login is successful, the utility receives a session token
from the server, which it saves to a local configuration file and
uses for future communication. This token is currently invalidated
after 5 minutes of inactivity by the server. You can configure this
time with the setting
_BESDataServer_APIAuthenticationTimeoutMinutes
.Note: If
the root server certificate has changed, for example because the server
signing certificate was rotated, as described in Generating a new encryption key, the authentication might fail
with the following error message:
The server's SSL certificate
is not trusted
. In this case, to solve the problem:- Delete the iem data directory location:
- On Linux systems: /usr/{user}
- On Windows systems: %LOCALAPPDATA%\BigFix
- Authenticate again.