TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation

More documents

Recommendations

Info

Authentication and User Directory 8.2.3 Windows NT Domain With this authentication method, users are authenticated with a Windows NT Domain. To be able to use this method, you must have a working Windows NT 4 Server Domain Controller or a Windows Server 2000 (or later) Domain Controller running in Mixed Mode. When users log in using this method, their usernames are automatically stored in the Spotfire database, but all other authentication information, such as passwords, resides only on the Windows NT Domain Controller. This solution should only be used in combination with legacy Windows NT 4 environments. To set it up, you need to provide the name of the domain in the configuration console. 8.2.4 Custom JAAS Module The authentication methods above are all implemented as Java Authentication and Authorization Services (JAAS) modules. Spotfire also supports third-party JAAS modules, and you may therefore use a JAAS module of your own, or one or from a third-party supplier. Such a module must use username and password authentication (specifically, it must use NameCallback and PasswordCallback methods) to be used in Spotfire. You must specify the following options in the configuration console: Implementation Class Flag Key value pair This option specifies the name of your custom JAAS module. This option specifies how flags are to be handled. This option can contain any other key value pair that your custom JAAS module needs or can handle. If you lack any of this information, you need to speak to the person that provided you with the Custom JAAS module and that can assist you before you can set up Custom JAAS authentication. Note: When using a custom JAAS module, you need to place the module file in the /tomcat/webapps/spotfire/WEB-INF/lib directory on all Spotfire Servers. 8.3 Single Sign-on Authentication With a single sign-on solution, users do not authenticate using username and password when they start Spotfire. Instead, their Windows login or a client certificate is used to verify the user. Spotfire is able to handle a number of different single sign-on solutions: • Kerberos • X.509 Client Certificate • NTLM (NT LAN Manager version 1) All three methods are configurable in the configuration console. 68 (144) TIBCO Spotfire® Server 3.2.2
Authentication and User Directory 8.3.1 Kerberos Kerberos is a single sign-on protocol that sends encrypted user information from a client across the network to the authentication server. Kerberos works in LDAP environments and is considered to have strong security. If you intend to use Spotfire in an environment where Kerberos is used, this may be a good way of increasing security for the Spotfire system. Note: In a clustered environment, there are certain considerations that must be taken into account. For details about these, see the section “Kerberos Authentication” on page 61. There are several steps that must be taken to set up Kerberos authentication. The following sections outline them step by step. 8.3.1.1 Prepare the LDAP Server How to set up Kerberos with your LDAP server may differ significantly depending on what LDAP server you are using. The instructions provided here will work for a Windows Active Directory. If you are using a different LDAP solution, you may have to provide different settings to the configuration files provided with the Spotfire Server. In order for the Spotfire Server to authenticate with a Windows Domain using Kerberos, the Windows Domain must meet the following prerequisites: • All Domain Controllers must run Windows 2003 Server SP1 or later. • Microsoft Support Tools must be installed. • All computers that will run Kerberos must belong to the same Windows Domain. • All computers in the domain must have synchronized clocks (this should happen automatically when a computer becomes a member of a domain). • All Spotfire users must have user accounts in the Windows Domain. Note: If the Windows Server is an upgrade of a Windows 2000 server, the user accounts may be using encryption mechanisms not supported by Spotfire. Please refer to Microsoft documentation to get around this issue. The following steps must then be performed: 1 Configure LDAP authentication for the Spotfire Server (see the section “LDAP” on page 66 for instructions on how to do this). Make sure this is working as intended. 2 Create a Domain user to be the Spotfire service account. This should be a normal domain user account, and should be named something easy to remember. Make sure it meets the following requirements: • Do not enter a First Name, Initial or Last name for the user account. • Use the same information in the Full Name field as in the User Logon Name field. Make sure there are no spaces in these fields. TIBCO Spotfire® Server 3.2.2 69 (144)
Page 1 and 2:
TIBCO Spotfire ® Server 3.2.2 Inst
Page 3 and 4:
Contents 1 Installation Planning 6
Page 5 and 6:
10 Backup and Restore 128 10.1 Over
Page 7 and 8:
Installation Planning The Web Playe
Page 9 and 10:
Installation Planning If you are ru
Page 11 and 12:
Installation Planning When you set
Page 13 and 14:
Installation Planning Which port nu
Page 15 and 16:
Installation Planning Before you co
Page 17 and 18: Installing Spotfire Server 3.2 2.2.
Page 19 and 20: Installing Spotfire Server 3.2 The
Page 21 and 22: Installing Spotfire Server 3.2 •
Page 23 and 24: Installing Spotfire Server 3.2 If y
Page 25 and 26: Installing Spotfire Server 3.2 Clic
Page 27 and 28: Installing Spotfire Server 3.2 tha
Page 29 and 30: Installing Spotfire Server 3.2 2.6
Page 31 and 32: Migration from 10.1 3.2 Prerequisit
Page 33 and 34: Migration from 10.1 The values prom
Page 35 and 36: Migration from 10.1 3.7 Log Files I
Page 37 and 38: Upgrade from 3.0 or 3.1 to 3.2 4 Up
Page 39 and 40: Upgrade from 3.0 or 3.1 to 3.2 Belo
Page 41 and 42: Upgrade from 3.0 or 3.1 to 3.2 Data
Page 43 and 44: Upgrade from 3.0 or 3.1 to 3.2 Data
Page 45 and 46: Upgrade from 3.0 or 3.1 to 3.2 Upgr
Page 47 and 48: Configure the System 5 Configure th
Page 49 and 50: Configure the System You can also r
Page 51 and 52: Configure the System Note: This inf
Page 53 and 54: Configure the System 1 In the confi
Page 55 and 56: Configure the System privileges to
Page 57 and 58: Spotfire Administrative Tasks 6.2.3
Page 59 and 60: Load Balancing 7 Load Balancing Thi
Page 61 and 62: Load Balancing # Load the mod_jk mo
Page 63 and 64: Load Balancing # Convert usernames
Page 65 and 66: Authentication and User Directory 8
Page 67: Authentication and User Directory C
Page 71 and 72: Authentication and User Directory H
Page 73 and 74: Authentication and User Directory F
Page 75 and 76: Authentication and User Directory 8
Page 77 and 78: Authentication and User Directory c
Page 79 and 80: Authentication and User Directory E
Page 81 and 82: Authentication and User Directory U
Page 83 and 84: Authentication and User Directory M
Page 85 and 86: Advanced Procedures Included in the
Page 87 and 88: Advanced Procedures the certificate
Page 89 and 90: Advanced Procedures Comment: There
Page 91 and 92: Advanced Procedures 9.5 Configuring
Page 93 and 94: Advanced Procedures The file krb5.c
Page 95 and 96: Advanced Procedures Add Spotfire Se
Page 97 and 98: Advanced Procedures 1 Open Tools >
Page 99 and 100: Advanced Procedures # Configure SSL
Page 101 and 102: Advanced Procedures 9.11 Preventing
Page 103 and 104: Advanced Procedures sqlplus @DBServ
Page 105 and 106: Advanced Procedures 9.16.2 For Wind
Page 107 and 108: Advanced Procedures • DB2 (DataDi
Page 109 and 110: Advanced Procedures Comment: You wi
Page 111 and 112: Advanced Procedures display-name dr
Page 113 and 114: Advanced Procedures catalog-namepat
Page 115 and 116: Advanced Procedures date-timelitera
Page 117 and 118: Advanced Procedures oracle Oracle
Page 119 and 120:
Advanced Procedures Example: Config
Page 121 and 122:
Advanced Procedures 1 Log into TIBC
Page 123 and 124:
Advanced Procedures 9.19.2 Configur
Page 125 and 126:
Advanced Procedures Servers will be
Page 127 and 128:
Advanced Procedures 9 Click Start C
Page 129 and 130:
Backup and Restore • HTTPS (see t
Page 131 and 132:
Technical Reference 11 Technical Re
Page 133 and 134:
Technical Reference 11.1.4 Console
Page 135 and 136:
Technical Reference Jakarta Service
Page 137 and 138:
Technical Reference Note: The v
Page 139 and 140:
Technical Reference page 47 for mor
Page 141 and 142:
Technical Reference Example: jdbc:t
Page 143 and 144:
Uninstall 12 Uninstall 12.1 Server
show all

TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation

Create successful ePaper yourself

Delete template?

Save as template?