Configuring how BlackBerry devices authenticate to content servers
If you configured the content servers in your organization's environment to use an authentication protocol to authenticate the sources of the data requests that they receive, you can control how BlackBerry® devices authenticate to content servers to receive application data and application updates.
Configure how BlackBerry devices authenticate to content servers
You can configure whether BlackBerry® devices authenticate to content servers directly, or whether the BlackBerry MDS Connection Service authenticates to content servers on behalf of BlackBerry devices. If you configure BlackBerry devices to authenticate directly to content servers but you do not configure an authentication method for BlackBerry MDS Connection Service connections, authenticated BlackBerry devices prompt users to provide login information every 60 minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes.
- In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
- Click MDS Connection Service.
- Click Edit component.
- On the HTTP tab, in the Protocol service information section, in the Authentication support enabled drop-down list, perform one of the following actions:
  - If you want BlackBerry devices to authenticate to content servers directly, click No.
  - If you want the BlackBerry MDS Connection Service to store authentication information and perform HTTP authentication on behalf of BlackBerry devices, click Yes.
- If necessary, in the Authentication timeout field, type the length of time, in milliseconds, that you want authentication information for BlackBerry devices to remain valid on the content server. By default, the authentication timeout limit is 1 hour.
- Click Save all.
After you finish: If you set Authentication support enabled to Yes, configure the BlackBerry MDS Connection Service to authenticate to content servers that use NTLM, Kerberos™, LTPA, or RSA® Authentication Manager on behalf of BlackBerry devices.
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use NTLM
Before you begin: Configure the BlackBerry® MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices.
- Navigate to <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\Instance\config.
- Configure the MdsLogin.conf file.
For more information about the Java® Authentication and Authorization Service configuration file, visit http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html.
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use Kerberos
Before you begin: Configure the BlackBerry® MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices.
- Navigate to <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\Instance\config.
- Configure the krb5.conf file.
For more information about the Kerberos™ 5 configuration file, visit web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.3/doc/krb5-admin.html#krb5.conf.
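A check you can run over the krb5.conf file from the step above before you restart the service, as an added example that is not BlackBerry's code or part of the original page: it parses the file and reports a missing default realm, a default realm with no KDC, and any single-DES encryption types. The realm, KDC host name, and function names are constructed for illustration.

```python
# Single-DES enctypes, deprecated by RFC 6649.
WEAK = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed sample; the realm and KDC host are placeholders.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = des-cbc-crc aes256-cts-hmac-sha1-96
[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com:88
    }
"""

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: [values] or {subkey: [values]}}}."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, sub = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            sub = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                sub = section.setdefault(key, {})  # opens a realm block
            else:
                (section if sub is None else sub).setdefault(key, []).append(value)
    return conf

def lint_krb5(text):
    """Return findings for a missing default realm or KDC and single-DES enctypes."""
    conf, findings = parse_krb5(text), []
    lib = conf.get("libdefaults", {})
    realm = (lib.get("default_realm") or [None])[0]
    entry = conf.get("realms", {}).get(realm)
    if realm is None:
        findings.append("libdefaults: default_realm is not set")
    elif not isinstance(entry, dict) or not entry.get("kdc"):
        findings.append(f"realms: no kdc defined for {realm}")
    for key in ENCTYPE_KEYS:
        for value in lib.get(key, []):
            for enc in sorted(WEAK & set(value.lower().replace(",", " ").split())):
                findings.append(f"libdefaults: {key} allows {enc}")
    return findings
```

Call `lint_krb5` with the text of your own krb5.conf; an empty list means none of the three conditions was found.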
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use LTPA
BlackBerry® devices that are running BlackBerry® Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology.
For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.
Before you begin: Configure the BlackBerry MDS Connection Service to authenticate to the content servers in your organization's environment on behalf of BlackBerry devices.
- In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
- Click MDS Connection Service.
- Click Edit component.
- On the HTTP tab, in the Protocol service information section, in the Cookie support enabled drop-down list, click Yes.
- Click Save all.
Configuring the BlackBerry MDS Connection Service to authenticate devices to the RSA Authentication Manager
You can configure the BlackBerry® MDS Connection Service to require that BlackBerry device users pass RSA® authentication when they access the Internet or intranet from BlackBerry devices. You can configure the BlackBerry MDS Connection Service to require that users use RSA authentication in one of the following scenarios:
- when users access every web site and intranet site from devices
- when users access intranet sites from devices
- when users access web addresses or intranet addresses that you specify
If you configure the BlackBerry MDS Connection Service to require that users use RSA authentication to access web addresses or intranet addresses that you specify, you can choose to apply this option to specific user accounts or to all user accounts that are associated with a BlackBerry® Enterprise Server instance.
After the RSA Authentication Manager authenticates the devices, if you configured proxy authentication, the devices prompt users to authenticate to the proxy server.