License Server Help

Configuring user restrictions

Getting started

  1. The administrator of a license server can use the machine username, machine host or by the product to limit a users' access to a license.
  2. Active Directory integration? - Currently, there is no such integration.

Whitelist

The whitelist describes the restrictions imposed on the users who are allowed to obtain licenses from a license server. If the whitelist configuration is empty, any person can obtain a license from the license server, if not listed in the blacklist section. Otherwise, only users who meet the requirements described in the whitelist are allowed to obtain licenses.

NB: Please pay attention: the whitelist rules cause strict access - only users who are listed in the whitelist can use the product licenses listed in it.

Blacklist

The blacklist describes the restrictions imposed on users who are prohibited from obtaining licenses from the license server. If the blacklist configuration is empty, all users described in the whitelist configuration are allowed to obtain licenses. Otherwise, users who meet the criteria described in the blacklist can't get a ticket for an IDE.

Configuration

To configure user restrictions, create a file and describe the access rules in the following format in .json file:

{ "whitelist": [ { "product": "(Intellij IDEA Ultimate|ReSharper Ultimate|CLion)", "userName": "windowsuser.*", "hostName": ".*.itdept.company.net" }, { "product": "(Intellij IDEA Ultimate|ReSharper Ultimate)", "userName": "macuser.*", "hostName": ".*.itdept.company.net" } ], "blacklist": [ { "product": "CLion", "userName": "windowsuser12", "hostName": ".*user12.itdept.company.net" } ] }

where "product" is a license requested by user, "userName" is a username set up on the machine where the product is used, and "hostName" is a host of the machine where the product is used. The properties "product", "userName" and "hostName" accept regular expressions.

To configure your license server to use the configuration .json file:

ZIP distribution

  1. Stop the license server by running <license_server_home>/bin/license-server.sh stop for Linux and Mac OS X or <license_server_home>\bin\license-server.bat stop for Windows.

  2. Set the path to the configuration file by running <license_server_home>/bin/license-server.sh configure --access.config=file:/path-to-configuration-file/access-config.json for Linux and Mac OS X or <license_server_home>\bin\license-server.bat configure --access.config=file:/path-to-configuration-file/access-config.json for Windows, where access-config.json is the configuration file with the restrictions specified as described above.

  3. Start the license server by running <license_server_home>/bin/license-server.sh start for Linux and Mac OS X or <license_server_home>\bin\license-server.bat start for Windows.

MSI distribution

  1. Stop the JetBrains License Service from the Windows Services panel.

  2. Set the path to the configuration file by running <license_server_home>\apps\license-server\bin\license-server.bat configure --access.config=file:/path-to-configuration-file/access-config.json, where access-config.json is the configuration file with the restrictions specified as described above.

  3. Start the JetBrains License Service from the Windows Services panel.

Troubleshooting:

Q: Restriction rules are configured but don't work.

A1: The floating license server tries to apply the access configuration file during start/restart. If the file is not found or has a syntax error, it will be skipped.

How to troubleshoot: When starting the license server you see:

a) the file is not found:

java.io.FileNotFoundException: /path-to-the-file/access-config.json (No such file or directory).

Solution: check the path to the file specified in conf/service-config.properties. The easiest way to compare this path with the real file's location is to paste it into a browser. Fix the path and restart the license server process.

b) if the file has a syntax error:

ERROR e:62 - Failed to parse config located at file:/path-to-the-file/access-config.json with an error description,

for example:

com.fasterxml.jackson.databind.JsonMappingException: Unexpected character (']' (code 93)):.

Solution: check the syntax is correct and restart the process.

These errors are also shown in license-server-stdout.log. http(s)://your-license-server-web-page/check-configuration shows where logs and config files are located on your copy of the license server.

A2: LicenseRequest, sent by a user, doesn’t match the restriction rules.

How to troubleshoot: Compare the request from logs/license-server-stdout.log with the rules. It may differ from the hostname, product, or build version.

Examples:

1)

{ "blacklist": [ { "product": "ReSharper 2017.3", "userName": "(username1|username3|katya)", "hostName": 10.10.10.0 } ] }

In this case, a user WILL GET a license if:

  1. The hostname is not 10.10.10.0;
  2. Or username is not listed;
  3. Or username is like katya123;
  4. Or username is like username333;
  5. Or product is not ReSharper;
  6. Or product is ReSharper but 2017.2 / 2016.1 and so on.

2.

{ "whitelist": [ { "product": "ReSharper 2017.3", "userName": "(username1|username3|katya)", hostName: 10.10.10.0 } ] }
A user WILL NOT GET a license if:

  1. They are among (username1|username3|katya), but hostname differs;
  2. Or the user asks for anything but ReSharper;
  3. Or for ReSharper but not version release 2017.3
  4. Also, nothing will be available for other users although there is no separate blacklist section.

3.

{ "blacklist": [ { "product": "IntelliJ IDEA Ultimate 2017.2", "userName": "(username1|username2)" } ], "whitelist": [ { "product": "GoLand 2017.3", "userName": "(username3|username4|katya)" } ] }
In this case:

  1. username1 and username2 - as well as users not listed in any section at all - will not get any license, because priority is given to whitelist rule.

  2. If you need to restrict the access to anybody but (username3|username4|katya) and allow other users to keep on using other products - you need to remove the whitelist section and add a new one to the blacklist. To match users use regular expressions. Like:

"product": "GoLand 2017.3", "userName": "((?!username3|username4|katya).)*"

this rule will reject requests from all users who are not matched by usernames.

Priority lists

Available from build 16429.

Priority list section has the same format as black or whitelist - it must contain either username, or hostname, or both. In the last case, the server will check strict matching for the pair.

The algorithm of licenses requests handling if the access configuration file has the priority section:

  1. If there are available licenses on the server suiting an IDE request and a user is not blacklisted - the IDE gets the ticket subject to standard procedure.

  2. If there are no available licenses but the user is listed in the priority section - the floating server revokes one of the already occupied licenses and will grant it to the prioritized user. By default, the ticket whose "last-seen" is the oldest, will be revoked. This mechanism is not configurable.

Last modified: 29 March 2018