Configuring TIBCO ActiveMatrix BPM to Use Integrated Windows Authentication With SQL Server

You can configure the communication between TIBCO ActiveMatrix BPM and the database to use Integrated Windows Authentication (IWA) rather than the database user account.

  1. Connect to SQL Server Management Studio 2008 as an administrator of the SQL Server Instance.
  2. Right-click your SQL Server instance and select Properties. The Server > Properties dialog for your SQL Server Instance displays.
  3. Select Security and make sure that SQL Server and Windows Authentication mode is selected.
  4. Click OK to close the Server Properties dialog.
  5. Drill down to SQL_server_instance > Security > Logins and right-click on the username of the login that TIBCO ActiveMatrix BPM runs as. By default this user is machinename/Administrator where machinename is the name of the machine where you have installed TIBCO ActiveMatrix BPM. The Login Properties dialog for the username displays.
  6. Select User Mapping.
  7. From the Users mapped to this login box, select BPM to add the current username as a user in the bpm database.
  8. From the Default Schema box, click Browse. The Select Schema dialog displays.
  9. Click Browse and select the amxbpm schema. Click OK twice to close the dialogs.
  10. In the Database role membership for: BPM box, select the following memberships:
    • db_datareader
    • db_datawriter
    • db_ddladmin
    • SqlJDBCXAUser
  11. From the login Properties dialog, click Server Roles. Deselect all the server roles except public.
  12. From the login Properties dialog, click User Mapping.
  13. From the Users mapped to this login box, select Master to add the current username as a user in the Master database.
  14. From the Default Schema box, click Browse. The Select Schema dialog displays.
  15. Click Browse and select the dbo schema. Click OK twice to close the dialogs.
  16. In the Database role membership for: BPM box, select the following memberships:
    • public
    • SqlJDBCXAUser
  17. Log in to TIBCO Administrator.
  18. Click Infrastructure > Nodes.
  19. From the Nodes box, select your BPM node and click Stop.
  20. Click Shared Objects > Resource Templates. From the Resource Templates box, select DataSource. The DataSource box is displayed.
  21. Click Advanced Configuration. Click Add to add a new Datasource property.
  22. In the Name box, type integratedSecurity.
  23. In the Value box, type true.
  24. Click Save to save your changes.
  25. Click Infrastructure > Hosts.
  26. From the Hosts box, click systemhost. The systemhost box is displayed.
  27. Click Resource Instances.
  28. Click the All Instances folder and the list of instances displays on the right. Select DataSource. In the Synchronised column, the value is Out of Sync.
  29. Click Install. Once the new datasource is installed, the Action Status should change to Install Successful.
  30. Add the location of the sqljdbc_auth.dll from the folder where you installed your JDBC 2.0 drivers to your PATH system variable, as shown below.
    Note: You may need to restart your machine and/or TIBCO ActiveMatrix BPM to pick up the amended PATH variable.
  31. From TIBCO Administrator, click Infrastructure > Nodes.
  32. From the Nodes box, select your BPM node and click Start.
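
The login set up in steps 3 to 11 can be checked with a read-only T-SQL audit before the node is restarted. This is an added example, not part of the TIBCO procedure; the login name is a placeholder and the database name bpm is taken from step 7.

```sql
-- Added example (not TIBCO's): read-only audit of the login from steps 5-11.
DECLARE @login sysname = N'MACHINENAME\Administrator';  -- placeholder login name

-- Step 3: 0 means SQL Server and Windows Authentication (mixed) mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- Step 11: any row here is a server role beyond the implicit public role.
SELECT r.name AS extra_server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = @login;

USE bpm;  -- database name as given in step 7

-- Steps 7-9: the mapped user and its default schema (expected: amxbpm).
SELECT u.name AS db_user, u.default_schema_name
FROM sys.database_principals AS u
JOIN sys.server_principals AS l ON l.sid = u.sid
WHERE l.name = @login;

-- Step 10: compare actual role membership with the four roles listed there.
WITH expected (role_name) AS (
    SELECT N'db_datareader' UNION ALL
    SELECT N'db_datawriter' UNION ALL
    SELECT N'db_ddladmin'   UNION ALL
    SELECT N'SqlJDBCXAUser'
),
actual (role_name) AS (
    SELECT r.name
    FROM sys.database_role_members AS m
    JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
    JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
    JOIN sys.server_principals AS l ON l.sid = u.sid
    WHERE l.name = @login
)
SELECT COALESCE(e.role_name, a.role_name) AS role_name,
       CASE WHEN a.role_name IS NULL THEN 'MISSING'  -- listed in step 10, not granted
            WHEN e.role_name IS NULL THEN 'EXTRA'    -- granted, not listed in step 10
            ELSE 'OK' END AS status
FROM expected AS e
FULL OUTER JOIN actual AS a ON a.role_name = e.role_name;
```

Roles that the account inherits through a Windows group login do not appear in these results, so an empty server-role result only covers direct membership.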