TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Advanced Procedures<br />
9.17.5.4 Using Kerberos Authentication with Delegated<br />
Credentials<br />
Before configuring JDBC Data Sources for Kerberos authentication with delegated<br />
credentials, it must be verified that it is possible for clients to connect to the <strong>Spotfire</strong><br />
<strong>Server</strong> using Kerberos authentication. When the server is correctly set up and<br />
everything works, it is time to proceed to the next step.<br />
To set up Information Services to use delegated Kerberos credentials when making<br />
connections to database servers, the <strong>Spotfire</strong> <strong>Server</strong>’s service account used for<br />
retrieving the ticket-granting ticket (TGT) must be given the permission to delegate<br />
client credentials. In the “Active Directory Users and Computers” control panel on the<br />
domain controller, the “Account” tab of the properties dialog for the service account<br />
contains an “Account is trusted for delegation” check box that can be checked to give<br />
the service account that permission.<br />
After setting up the service account’s delegation rights, a new JDBC Data Source must<br />
be created in the data source template xml. Copy a non-Kerberos definition for the<br />
same type of data source and add the special JDBC connection property<br />
“spotfire.connection.pool.factory.data.source” with the value “kerberos.data.source”.<br />
All JDBC connection properties required to configure the JDBC driver for Kerberos<br />
authentication should also be added. Please consult your database server’s<br />
documentation for more information about configuring the JDBC driver.<br />
Example: Setting up Kerberos authentication with delegated credentials for an Oracle<br />
database<br />
<br />
oracle-kerberos<br />
Oracle Kerberos<br />
oracle.jdbc.OracleDriver<br />
jdbc:oracle:thin:@<host>:<port1521>:<sid><br />
SELECT 1 FROM DUAL<br />
<br />
<br />
spotfire.connection.pool.factory.data.source<br />
kerberos.data.source<br />
<br />
<br />
oracle.net.authentication_services<br />
(KERBEROS5)<br />
<br />
<br />
...<br />
<br />
9.17.5.5 Verifying a Data Source Template<br />
To verify the data source template from <strong>TIBCO</strong> <strong>Spotfire</strong>:<br />
120 (144) <strong>TIBCO</strong> <strong>Spotfire</strong>® <strong>Server</strong> <strong>3.2.2</strong>