TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
Authentication and User Directory<br />
Example:<br />
<br />
jespa.service.account.name<br />
spotfiressrv$@yourorganization.com<br />
<br />
When you have set these parameters, start the <strong>Spotfire</strong> <strong>Server</strong>.<br />
If you have set a non-encrypted password, you must now replace it with an encrypted<br />
version.<br />
Find the log file /tomcat/logs/spotfire/dss.log and open it. In it,<br />
you will find a warning that says the following:<br />
WARN 2010-05-20 14:30:15,401 [*Initialization*] server.security.JespaAdapter:<br />
Unencrypted jespa.service.password found in web.xml, replace with<br />
jespa.encrypted.service.password set to <strong>a+iMktMf8m6lvyf90Zia8hbe6/eVh2Mo</strong><br />
The bold text above is an encrypted version of the password. In the file web.xml,<br />
replace the jespa.service.password parameter with a jespa.encrypted.service.password<br />
parameter whose value is the text string from the log file.<br />
Example:<br />
<br />
jespa.encrypted.service.password<br />
a+iMktMf8m6lvyf90Zia8hbe6/eVh2Mo<br />
<br />
Note: For security reasons, it is important that you replace the jespa.service.password<br />
parameter with the encrypted version. Do not keep the unencrypted password in the<br />
web.xml file.<br />
When this is done, NTLM authentication should work in the <strong>Spotfire</strong> system.<br />
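The following check is an added example, not part of the TIBCO documentation: it reads the warning from dss.log and confirms that web.xml no longer carries the plaintext parameter and that the encrypted value was copied correctly. The &lt;init-param&gt; wrapper in the sample and the function names are assumptions; the check itself only relies on param-name and param-value.<br />

```python
import re
import xml.etree.ElementTree as ET

# The JespaAdapter warning quoted above; \s+ tolerates wrapped log lines.
WARNING_RE = re.compile(
    r"Unencrypted\s+jespa\.service\.password\s+found\s+in\s+web\.xml,\s+replace\s+with"
    r"\s+jespa\.encrypted\.service\.password\s+set\s+to\s+(\S+)")

def encrypted_values_from_log(log_text):
    """Every encrypted password the server has suggested in the log."""
    return set(WARNING_RE.findall(log_text))

def jespa_params(web_xml_text):
    """jespa.* name/value pairs, regardless of wrapper element or XML namespace."""
    params = {}
    for parent in ET.fromstring(web_xml_text).iter():
        kids = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in parent}
        if kids.get("param-name", "").startswith("jespa."):
            params[kids["param-name"]] = kids.get("param-value", "")
    return params

def audit(web_xml_text, log_text):
    """Return findings; an empty list means the replacement step is complete."""
    params, findings = jespa_params(web_xml_text), []
    if "jespa.service.password" in params:
        findings.append("plaintext jespa.service.password still in web.xml")
    encrypted = params.get("jespa.encrypted.service.password")
    suggested = encrypted_values_from_log(log_text)
    if not encrypted:
        findings.append("jespa.encrypted.service.password is not set")
    elif suggested and encrypted not in suggested:
        findings.append("encrypted value matches no warning in the log (copy error?)")
    return findings

# Constructed samples. The <init-param> wrapper is an assumption; the log text is
# the warning from the page, wrapped the way it is printed there.
SAMPLE_LOG = """WARN 2010-05-20 14:30:15,401 [*Initialization*] server.security.JespaAdapter:
Unencrypted jespa.service.password found in web.xml, replace with
jespa.encrypted.service.password set to a+iMktMf8m6lvyf90Zia8hbe6/eVh2Mo
"""
PARAM = "<init-param><param-name>{}</param-name><param-value>{}</param-value></init-param>"
BEFORE = "<filter>" + PARAM.format("jespa.service.password", "PLACEHOLDER") + "</filter>"
AFTER = "<filter>" + PARAM.format("jespa.encrypted.service.password",
                                  "a+iMktMf8m6lvyf90Zia8hbe6/eVh2Mo") + "</filter>"

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(doc, SAMPLE_LOG) or "ok")
```

The script reports findings only and never prints parameter values, so its output can be kept in a change record without exposing the password.<br />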
Note: It is not possible to delegate NTLM authentication. This means that even if you<br />
set up your <strong>Spotfire</strong> <strong>Server</strong>(s) to authenticate users with NTLM and your database<br />
server also uses NTLM (Integrated Authentication), the <strong>Spotfire</strong> <strong>Server</strong> will always<br />
authenticate with the database using the Domain User it is running as and never the<br />
logged-in <strong>Spotfire</strong> user. If you need user delegation, you must use a single sign-on<br />
method that supports this, such as Kerberos. See the section “Using Kerberos<br />
Authentication with Delegated Credentials” on page 120 for more information about<br />
using delegation with Kerberos.<br />
8.4 User Directory<br />
When users have been authenticated, information about them is loaded from the user<br />
directory. This information is stored in the <strong>Spotfire</strong> database and holds information<br />
about groups and group membership. These users and groups can then be used to set<br />
up permissions in the Administration Manager, found in the <strong>Spotfire</strong> client.<br />