TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation

More documents

Recommendations

Info

Authentication and User Directory krb5.conf This file is located in /jdk/jre/lib/security/ and contains information about the Kerberos realm and Windows Domain. the following values need to be changed: • MYDOMAIN: This is the Kerberos realm. It is equal to the Windows Domain and written in upper case. • mydomain: This is the Windows Domain. It is written in lower case. • mydc: This is the name of the domain controller. It is written in lower case. Note: Make sure to use correct case for these values. Copy this file to all Spotfire Servers. Verify that the Keytab Files Work The file spotfire.keytab should now be in the directory /jdk/jre/lib/security/ In the folder jdk/jre/bin there are a number of tools that can help you verify and troubleshoot the spotfire.keytab file. You can verify that the spotfire.keytab file works as intended by entering the following command in a command prompt on the Spotfire Server: > kinit.exe -k -t spotfire.keytab HTTP/myServer.mydomain[:port]@MYDOMAIN If the spotfire.keytab file is correct, and works as intended, a ticket cache file will be created. Example for Windows Server 2008: C:\Users\\krb5cc_ Important! As soon as you have verified that the ticket cache was created, you must delete the ticket cache file. You can also check the contents of the spotfire.keytab file using the following command. It will list the principal name and security credentials. > klist.exe -k -t -K spotfire.keytab For other troubleshooting tools, see Microsoft documentation about Kerberos. Configuration Console After everything is prepared on the Domain Controllers and Spotfire Servers, you need to configure the Spotfire system to use Kerberos. This is done in the configuration console. You need to specify the Server Principal Name that you have created for the Spotfire server, for example HTTP/spotserver.research.example.com. 72 (144) TIBCO Spotfire® Server 3.2.2
Authentication and User Directory For more information on how to use the Configuration Console, see its help. Note: When configuring Kerberos authentication in a load balanced environment, provide the fully qualified Service Principal Name of the load balancer, not any of the Spotfire Servers. 8.3.2 X.509 Client Certificate With this authentication method, users are authenticated through an automatic transcript of an X.509 Client Certificate from the Spotfire client to the Spotfire Server. When users log in using this method, their usernames are automatically stored in the Spotfire database, and instead of passwords, the certificates are used, creating a single sign-on solution. A prerequisite of this authentication method is that the Spotfire Server, or the load balancer, if present, must be configured to use the HTTPS protocol to communicate with the clients. See the sections “Setting up HTTPS on a Spotfire Server” on page 86 and “Load Balancer Configuration” on page 60 for more information about this. To configure Spotfire to use X.509 Client Certificates, the following steps must be performed: 1 Obtain or create a client certificate. 2 Install the certificate onto clients. 3 Configure a server to trust the client certificates. 4 Configure the servers to require client certificates. 5 Configure a load balancer, if present, to forward the client certificates to the server. 6 Configure the servers to use client certificates to authenticate users. Note: If you perform only steps 1 through 4, the server will require client certificates, but can still be configured to use a username and password login mechanism. If required, this would provide a very secure solution. Obtain or Create a Client Certificate How to obtain or create a client certificate is different for every provider. Please turn to your provider for information about this. In the section “Creating and Installing a Self- Signed Client Certificate” on page 95, an example of how to create a self-signed certificate using Microsoft Certificate Services is outlined. Install the Certificate onto Clients Installing a certificate is normally done with Internet Explorer on the client. By connecting to the web page of the certificate provider, it should be possible to select to install the certificate. See the section “Creating and Installing a Self-Signed Client Certificate” on page 95 for an outline of how to do this with a self-signed certificate created by Microsoft Certificate Services. Configure a Server to Accept the Client Certificates TIBCO Spotfire® Server 3.2.2 73 (144)
Page 1 and 2:
TIBCO Spotfire ® Server 3.2.2 Inst
Page 3 and 4:
Contents 1 Installation Planning 6
Page 5 and 6:
10 Backup and Restore 128 10.1 Over
Page 7 and 8:
Installation Planning The Web Playe
Page 9 and 10:
Installation Planning If you are ru
Page 11 and 12:
Installation Planning When you set
Page 13 and 14:
Installation Planning Which port nu
Page 15 and 16:
Installation Planning Before you co
Page 17 and 18:
Installing Spotfire Server 3.2 2.2.
Page 19 and 20:
Installing Spotfire Server 3.2 The
Page 21 and 22: Installing Spotfire Server 3.2 •
Page 23 and 24: Installing Spotfire Server 3.2 If y
Page 25 and 26: Installing Spotfire Server 3.2 Clic
Page 27 and 28: Installing Spotfire Server 3.2 tha
Page 29 and 30: Installing Spotfire Server 3.2 2.6
Page 31 and 32: Migration from 10.1 3.2 Prerequisit
Page 33 and 34: Migration from 10.1 The values prom
Page 35 and 36: Migration from 10.1 3.7 Log Files I
Page 37 and 38: Upgrade from 3.0 or 3.1 to 3.2 4 Up
Page 39 and 40: Upgrade from 3.0 or 3.1 to 3.2 Belo
Page 41 and 42: Upgrade from 3.0 or 3.1 to 3.2 Data
Page 43 and 44: Upgrade from 3.0 or 3.1 to 3.2 Data
Page 45 and 46: Upgrade from 3.0 or 3.1 to 3.2 Upgr
Page 47 and 48: Configure the System 5 Configure th
Page 49 and 50: Configure the System You can also r
Page 51 and 52: Configure the System Note: This inf
Page 53 and 54: Configure the System 1 In the confi
Page 55 and 56: Configure the System privileges to
Page 57 and 58: Spotfire Administrative Tasks 6.2.3
Page 59 and 60: Load Balancing 7 Load Balancing Thi
Page 61 and 62: Load Balancing # Load the mod_jk mo
Page 63 and 64: Load Balancing # Convert usernames
Page 65 and 66: Authentication and User Directory 8
Page 67 and 68: Authentication and User Directory C
Page 71: Authentication and User Directory H
Page 77 and 78: Authentication and User Directory c
Page 79 and 80: Authentication and User Directory E
Page 81 and 82: Authentication and User Directory U
Page 83 and 84: Authentication and User Directory M
Page 85 and 86: Advanced Procedures Included in the
Page 87 and 88: Advanced Procedures the certificate
Page 89 and 90: Advanced Procedures Comment: There
Page 91 and 92: Advanced Procedures 9.5 Configuring
Page 93 and 94: Advanced Procedures The file krb5.c
Page 95 and 96: Advanced Procedures Add Spotfire Se
Page 97 and 98: Advanced Procedures 1 Open Tools >
Page 99 and 100: Advanced Procedures # Configure SSL
Page 101 and 102: Advanced Procedures 9.11 Preventing
Page 103 and 104: Advanced Procedures sqlplus @DBServ
Page 105 and 106: Advanced Procedures 9.16.2 For Wind
Page 107 and 108: Advanced Procedures • DB2 (DataDi
Page 109 and 110: Advanced Procedures Comment: You wi
Page 111 and 112: Advanced Procedures display-name dr
Page 113 and 114: Advanced Procedures catalog-namepat
Page 115 and 116: Advanced Procedures date-timelitera
Page 117 and 118: Advanced Procedures oracle Oracle
Page 119 and 120: Advanced Procedures Example: Config
Page 121 and 122: Advanced Procedures 1 Log into TIBC
Page 123 and 124:
Advanced Procedures 9.19.2 Configur
Page 125 and 126:
Advanced Procedures Servers will be
Page 127 and 128:
Advanced Procedures 9 Click Start C
Page 129 and 130:
Backup and Restore • HTTPS (see t
Page 131 and 132:
Technical Reference 11 Technical Re
Page 133 and 134:
Technical Reference 11.1.4 Console
Page 135 and 136:
Technical Reference Jakarta Service
Page 137 and 138:
Technical Reference Note: The v
Page 139 and 140:
Technical Reference page 47 for mor
Page 141 and 142:
Technical Reference Example: jdbc:t
Page 143 and 144:
Uninstall 12 Uninstall 12.1 Server
show all

TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?