CONFIGURING BLUEPRISM LOGIN AGENT WITH SSL
Login Agent is required for the BluePrism infrastructure to log in interactively using a “Robot” user. These users are configured per Runtime Resource, so each machine should have a “Robot” user explicitly assigned to it.
Login Agent is installed on the Runtime Resource using LoginAgent.msi.
First, Login Agent needs a service account to connect to the BluePrism infrastructure. At present, gMSA accounts are not supported for this service, so you will need to create a standard Active Directory user account.
Once BluePrism Login Agent has been installed, it will require configuring with the Encryption Parameters to allow it to connect to the BluePrism Application Server. This will require a “Machine” certificate to allow for the certificate thumbprint to be added to the configuration parameters.
You will need to request or check the certificate at this point in the process. This can be done using the Certificates MMC. If there isn’t already an auto-enrolled certificate, you will need to request a certificate for the machine. Note down the certificate thumbprint, as it is required for the encryption parameters in the file.
You will also need to provide the Runtime Users Group access to the Certificate Private Keys. This can be completed by Right Clicking the certificate, selecting “All Tasks” then selecting “Manage Private Keys”.
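The two certificate steps above can also be checked and applied from an elevated PowerShell prompt. This is an added example, not part of the original article or of BluePrism's tooling: the group name is a hypothetical placeholder, the thumbprint is supplied by you, and an RSA machine certificate in the Local Computer "Personal" store is assumed.

```powershell
# Added example: confirm the machine certificate and grant Read on its private key.
# Run elevated. The default group name below is a hypothetical placeholder.
param(
    [Parameter(Mandatory)][string]$Thumbprint,
    [string]$Group = 'CONTOSO\BluePrism Runtime Users'
)

# Text copied from the Certificates MMC can carry spaces and an invisible
# left-to-right mark (U+200E); keep only the hex digits before using it.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $clean
if (-not $cert)                    { throw "No certificate $clean in LocalMachine\My" }
if (-not $cert.HasPrivateKey)      { throw 'Certificate has no private key on this machine' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# Resolve the private key file name (assumes an RSA key).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'Certificate does not have an RSA private key' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $name = $rsa.Key.UniqueName
} else {
    $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# CNG keys and legacy CSP keys are stored in different machine-wide folders.
$keyFile = 'Microsoft\Crypto\Keys', 'Microsoft\Crypto\RSA\MachineKeys' |
    ForEach-Object { Join-Path $env:ProgramData (Join-Path $_ $name) } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Private key file for $clean not found" }

# Grant Read only; the runtime users need to use the key, not manage it.
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Group, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Print the cleaned thumbprint for the config file and the resulting key ACL.
"Thumbprint: $clean"
(Get-Acl -Path $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Review the printed ACL afterwards: any unexpected identity with FullControl on the key file is worth removing before the Runtime Resource goes into service.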
As part of the Installer, BluePrism Login Agent will create a file called “LoginAgentService” which is situated in the following location: C:\ProgramData\Blue Prism Limited\Automate V3
This file will be configured with the parameters that you specify to the installer. The installer will ask for the Database Connection Name, which must match the “Saved Connection” name in the BluePrism Software Client.
Here is an example of the Default File:
<?xml version="1.0" encoding="utf-8"?>
<workingdirectory path="C:\Program Files\Blue Prism Limited\Blue Prism Automate\"/>
<value>BluePrism Server Name</value>
You will need to add these additional parameters:
This parameter allows for the BluePrism Login Agent Service to Login to BluePrism using the Active Directory Account specified on the service.
The “THUMBPRINT” section will need to be replaced with the Machine Certificate Thumbprint.
Once these parameters have been added to the file, the BluePrism Login Agent Service will need to be restarted. The Connection to the BluePrism Application Server can be verified via BluePrism Control Room.
At this stage, you should browse to BluePrism Control Room to ensure the “Connected” section is showing as “Yes – Connected”. If this isn’t the case, it indicates a problem with the encryption parameters.
You will now need to configure what happens when the “Robot” user logs in to the Runtime Resource. This is controlled via a BAT file in the machine start-up folder, which on Windows 10 is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp.
The BAT file needs the following parameters specified:
/dbconname – This is the “Saved Connection” name.
/sslcert – Again this will require a machine specific certificate Thumbprint.
Here is an example:
start "" /b /Min "C:\Program Files\Blue Prism Limited\Blue Prism Automate\Automate.exe" /resourcepc /public /dbconname "BluePrism Server Name" /sso /sslcert 1212474724745566c88e5f89c0ccd7ce5be79484372782893422
You can verify this works successfully by running this in Command Prompt.