TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
Authentication and User Directory

For more information on how to use the Configuration Console, see its help.

Note: When configuring Kerberos authentication in a load balanced environment, provide the fully qualified Service Principal Name of the load balancer, not any of the Spotfire Servers.

8.3.2 X.509 Client Certificate

With this authentication method, users are authenticated through the automatic transfer of an X.509 Client Certificate from the Spotfire client to the Spotfire Server. When users log in using this method, their usernames are automatically stored in the Spotfire database, and the certificates are used instead of passwords, creating a single sign-on solution. A prerequisite of this authentication method is that the Spotfire Server, or the load balancer, if present, must be configured to use the HTTPS protocol to communicate with the clients. See the sections “Setting up HTTPS on a Spotfire Server” on page 86 and “Load Balancer Configuration” on page 60 for more information about this.

To configure Spotfire to use X.509 Client Certificates, the following steps must be performed:

1 Obtain or create a client certificate.
2 Install the certificate onto clients.
3 Configure a server to trust the client certificates.
4 Configure the servers to require client certificates.
5 Configure a load balancer, if present, to forward the client certificates to the server.
6 Configure the servers to use client certificates to authenticate users.

Note: If you perform only steps 1 through 4, the server will require client certificates, but can still be configured to use a username and password login mechanism. Where required, this combination of a mandatory client certificate and a username and password login provides a very secure solution.
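
The difference between requiring a certificate at the TLS layer (steps 3 and 4) and using it as the login (step 6), as an added Python example that is not Spotfire code or configuration. The names build_server_context, username_from_peercert and login are hypothetical, and taking the username from the subject commonName is an assumption, since this page does not say which certificate field Spotfire uses.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Corp"),), (("commonName", "alice"),)),
    "issuer": ((("commonName", "Example Client CA"),),),
}


def build_server_context(ca_file=None, cert_file=None, key_file=None):
    """Steps 3 and 4: trust one CA bundle and refuse clients without a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails if no client certificate is sent
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # only chains ending in these CAs pass
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # the server's own HTTPS certificate
    return ctx


def username_from_peercert(peercert):
    """Step 6: map a verified certificate to a username (assumption: subject CN)."""
    # getpeercert() returns None without a certificate and {} for an unvalidated one.
    if not peercert:
        raise PermissionError("no validated client certificate")
    names = [value for rdn in peercert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    if len(names) != 1 or not names[0].strip():
        raise PermissionError("subject must carry exactly one non-empty commonName")
    return names[0].strip()


def login(peercert, cert_is_login, credentials=None, check_password=None):
    """cert_is_login=True models all six steps; False models steps 1 through 4 only."""
    if not peercert:
        raise PermissionError("client certificate required")  # enforced in both modes
    if cert_is_login:
        return username_from_peercert(peercert)  # single sign-on, no password prompt
    user, password = credentials or (None, None)
    if check_password is None or not user or not check_password(user, password):
        raise PermissionError("username/password login failed")
    return user


if __name__ == "__main__":
    print(login(SAMPLE_PEERCERT, cert_is_login=True))
```
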

Obtain or Create a Client Certificate

How to obtain or create a client certificate is different for every provider. Consult your provider for information about this. The section “Creating and Installing a Self-Signed Client Certificate” on page 95 outlines an example of how to create a self-signed certificate using Microsoft Certificate Services.

Install the Certificate onto Clients

Installing a certificate is normally done with Internet Explorer on the client. By connecting to the web page of the certificate provider, it should be possible to choose to install the certificate. See the section “Creating and Installing a Self-Signed Client Certificate” on page 95 for an outline of how to do this with a self-signed certificate created by Microsoft Certificate Services.

Configure a Server to Accept the Client Certificates