TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Load Balancing<br />
• One keytab file must be created. This must use the fully qualified Service<br />
Principal Name of the load balancer.<br />
• This keytab file must be copied to each <strong>Spotfire</strong> <strong>Server</strong>.<br />
• When Kerberos authentication is set up in the configuration console, the fully<br />
qualified Service Principal Name of the load balancer must be provided.<br />
For more information about how to set up Kerberos in the <strong>Spotfire</strong> system, refer to the<br />
section “Kerberos” on page 69.<br />
7.6 X.509 Client Certificate Authentication<br />
To set up X.509 Client Certificate Authentication, a server certificate needs to be in<br />
place. In a clustered environment, the clients see the load balancer as the server, and<br />
the server certificate must therefore be created for and installed on the load balancer.<br />
To work properly, the CA certificate must also be installed on the load balancer. See<br />
the section “Setting up HTTPS in a Load Balanced Environment” on page 97 for more<br />
information about server certificates and how to install them on a load balancer.<br />
7.7 NTLM Authentication<br />
In Windows environments, NTLM may be used to authenticate users to the <strong>Spotfire</strong><br />
system. When using load balancing, the load balancer needs to be configured to<br />
forward NTLM authentication requests and answers.<br />
Apache httpd needs the module mod_auth_sspi.so in order to forward authentication<br />
requests and answers. It must be configured to use this module. Add the following to<br />
the httpd.conf, or to a file included from httpd.conf (for instance mod_auth_sspi.conf):<br />
<br />
LoadModule sspi_auth_module modules/mod_auth_sspi.so<br />
<br />
<br />
AuthType SSPI<br />
SSPIAuth On<br />
SSPIAuthoritative On<br />
SSPIPerRequestAuth On<br />
SSPIDomain domain<br />
# The name of the authentication realm<br />
AuthName "Analytics <strong>Server</strong> through Load Balancer"<br />
# When offering Basic authentication, the Apache service<br />
# must be run as a valid local or domain user<br />
SSPIOfferBasic Off<br />
# Set SSPIOmitDomain to Off to retrieve user names<br />
# as "DOMAIN\User" instead of "User"<br />
SSPIOmitDomain On<br />
62 (144) <strong>TIBCO</strong> <strong>Spotfire</strong>® <strong>Server</strong> <strong>3.2.2</strong>