Administration Guide

Local Navigation

Configuring how BlackBerry devices authenticate to content servers

If you configured the content servers in your organization's environment to use an authentication protocol to authenticate the sources of the data requests that they receive, you can control how BlackBerry® devices authenticate to content servers to receive application data and application updates.

Configure how BlackBerry devices authenticate to content servers

You can configure whether BlackBerry® devices authenticate to content servers directly, or whether the BlackBerry MDS Connection Service authenticates to content servers on behalf of BlackBerry devices. If you configure BlackBerry devices to authenticate directly to content servers but you do not configure an authentication method for BlackBerry MDS Connection Service connections, authenticated BlackBerry devices prompt users to provide login information every 60 minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes.
  1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
  2. Click MDS Connection Service.
  3. Click Edit component.
  4. On the HTTP tab, in the Protocol service information section, in the Authentication support enabled drop-down list, perform one of the following actions:
    • If you want BlackBerry devices to authenticate to content servers directly, click No.
    • If you want the BlackBerry MDS Connection Service to store authentication information and perform HTTP authentication on behalf of BlackBerry devices, click Yes.
  5. If necessary, in the Authentication timeout field, type the length of time, in milliseconds, that you want authentication information for BlackBerry devices to remain valid on the content server. By default, the authentication timeout limit is 1 hour.
  6. Click Save all.
After you finish: If you set Authentication support enabled to True, configure the BlackBerry MDS Connection Service to authenticate to content servers that use NTLM, Kerberos™, LTPA, or RSA® Authentication Manager on behalf of BlackBerry devices.

Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use NTLM

Before you begin: Configure the BlackBerry® MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices.
  1. Navigate to <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\Instance\config.
  2. Configure the MdsLogin.conf file.
For more information about the Java® Authentication and Authorization Service configuration file, visit http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html.

Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use Kerberos

Before you begin: Configure the BlackBerry® MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices.
  1. Navigate to <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\Instance\config.
  2. Configure the krb5.conf file.
For more information about the Kerberos™ 5 configuration file, visit web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.3/doc/krb5-admin.html#krb5.conf.

Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use LTPA

BlackBerry® devices that are running BlackBerry® Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology. For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.
Before you begin: Configure the BlackBerry MDS Connection Service to authenticate to the content servers in your organization's environment on behalf of BlackBerry devices.
  1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
  2. Click MDS Connection Service.
  3. Click Edit component.
  4. On the HTTP tab, in the Protocol service information section, in the Cookie support enabled drop-down list, click Yes.
  5. Click Save all.

Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to the RSA Authentication Manager

When you turn on RSA® authentication, users must type their login information on their BlackBerry® devices before they can access intranet or Internet content. After users are authenticated, if proxy authentication is configured, the BlackBerry devices prompt users to authenticate to the proxy server.
Before you begin: Configure the BlackBerry MDS Connection Service to authenticate to the content servers in your organization's environment on behalf of BlackBerry devices.
  1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
  2. Click MDS Connection Service.
  3. Click Edit component.
  4. On the RSA tab, in the Protocol service information section, in the Authentication support enabled drop-down list, click Yes.
  5. In the Authentication timeout field, type a number, in minutes, to specify how long authenticated BlackBerry devices can remain connected to your organization's network while the users are active. By default, the authenticated connection persists for 24 hours.
  6. In the Inactivity timeout field, type a number, in minutes, to specify how long BlackBerry devices can remain connected to your organization's network while the users are inactive. By default, an authenticated connection persists for 60 minutes of user inactivity on BlackBerry devices.
  7. Click Save all.

Was this information helpful? Send us your comments.