TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
Advanced Procedures
Servers will be down this weekend.
Mon, 08 Jan 2007 11:06:42 GMT
123455
9.20 Impersonation

What Is Impersonation?

When the cluster of TIBCO Spotfire Servers is used in conjunction with one or more TIBCO Spotfire Web Player servers that have been configured for certain authentication methods, for example NTLM, impersonation also needs to be enabled on the TIBCO Spotfire Servers for seamless login.

Impersonation means that the TIBCO Spotfire Web Player is responsible for authenticating users. Calls from the TIBCO Spotfire Web Player to the TIBCO Spotfire Server cluster are made on behalf of the authenticated person.

For example, consider a TIBCO Spotfire Web Player server that is configured for certificate authentication. This authentication method operates at the HTTPS network level, so there is no user name or password that can be conveyed to the TIBCO Spotfire Server cluster for login. Instead, the TIBCO Spotfire Web Player server is trusted for impersonation: it is allowed to make calls on behalf of any user without the ordinary authentication mechanism. This means that the user sees his or her own files in the library, and so on.

Enabling impersonation can pose a potential security issue, which is why it is disabled by default. To strengthen security, a number of requirements can be imposed on a call before it is allowed to impersonate.

9.20.1 Enabling Impersonation

To enable impersonation, you need to activate it from the TIBCO Spotfire Configuration Console. You can set up a number of requirements that decide when impersonation is allowed. These requirements apply to the impersonation call from a TIBCO Spotfire Web Player server to the TIBCO Spotfire Server cluster. All the requirements you decide to set up must be met for the impersonation call to be allowed.

If you want to require the impersonation call to be made over HTTPS, check the Require SSL option. If you leave it blank, both HTTP and HTTPS are allowed.

The call from a TIBCO Spotfire Web Player server to the TIBCO Spotfire Server cluster always requires authentication. This is most often done as a certain user that has been specified in the configuration of the TIBCO Spotfire Web Player server. The TIBCO Spotfire Server cluster can be configured to allow only certain users to issue impersonation calls, typically the very user specified in the TIBCO Spotfire Web Player server configuration.
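The requirements described above can be modelled as a small decision function to reason about which impersonation calls a given configuration accepts. This is an added example, not TIBCO code: the class, field and account names are hypothetical, and user names are assumed to match exactly.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """Hypothetical model of the options described above (not Spotfire's own keys)."""
    enabled: bool = False                            # disabled by default
    require_ssl: bool = False                        # blank: http and https both allowed
    allowed_users: Optional[FrozenSet[str]] = None   # None: no user restriction set up


@dataclass(frozen=True)
class Call:
    """One impersonation call from a Web Player server (constructed fields)."""
    scheme: str                 # "http" or "https"
    caller: Optional[str]       # account the call authenticated as, if any
    on_behalf_of: str           # end user being impersonated


def evaluate(policy: Policy, call: Call) -> Tuple[bool, List[str]]:
    """Allow only if every configured requirement is met; list what failed."""
    failed = []
    if not policy.enabled:
        failed.append("impersonation disabled")
    if call.caller is None:
        failed.append("caller not authenticated")
    elif policy.allowed_users is not None and call.caller not in policy.allowed_users:
        failed.append("caller not permitted to impersonate")
    if policy.require_ssl and call.scheme.lower() != "https":
        failed.append("https required")
    return (not failed, failed)


def review(policy: Policy) -> List[str]:
    """Flag settings that leave the impersonation call loosely constrained."""
    if not policy.enabled:
        return []
    notes = []
    if not policy.require_ssl:
        notes.append("Require SSL is off: calls over plain http are accepted")
    if policy.allowed_users is None:
        notes.append("no restriction on which users may issue impersonation calls")
    return notes


# Constructed sample data: "svc-webplayer" stands for the Web Player's account.
WEAK = Policy(enabled=True)
HARDENED = Policy(enabled=True, require_ssl=True,
                  allowed_users=frozenset({"svc-webplayer"}))
CALLS = [Call("https", "svc-webplayer", "alice"),
         Call("http", "svc-webplayer", "alice"),
         Call("https", "jdoe", "administrator")]
```

In this model the weak policy accepts all three sample calls, while the hardened one accepts only the first; `review` lists the settings that account for the difference.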