Configuring Openspace to Use Kerberos

If you are using Kerberos with TIBCO Openspace, you must configure Openspace not to display the Openspace login page if the user is already authenticated by Kerberos, and not to display the Openspace logout button.

Note: Openspace can be configured to use LDAP authentication instead of Kerberos even if the server node is configured for Kerberos authentication, as long as the substitution variable authAllowUsername is set to True. You can do this by specifying &ldap=true or &ldap=false in the Openspace login URL. See TIBCO Openspace User's Guide for more information about the URL.

If &ldap is not specified, the enableldap property in the Openspace config.properties file is used. By default, the property is false. See TIBCO Openspace Customization Guide for more information about config.properties.

For systems that do not use Kerberos, &ldap and enableldap have no effect.

Prerequisites

TIBCO recommends you back up the config.properties file before amending it. The file is in the ActiveMatrix BPM configuration directory. For example:
  • Openspace:

    C:\ProgramData\amx-bpm\tibco\data\tibcohost\Admin-AMX BPM-AMX BPM Server\data_3.2.x\host\plugins\com.tibco.openspace.login_1.7.1.00n\resources\config.properties

  • Accessible Openspace:

    C:\ProgramData\amx-bpm\tibco\data\tibcohost\Admin-AMX BPM-AMX BPM Server\data_3.2.x\host\plugins\com.tibco.os.a11y.app_1.1.1.005\accessibility\config.properties

Procedure

  1. Open the config.properties file in a text editor.
  2. Ensure that the authenticate property has the value 0 to hide the Openspace login page if the user is already authenticated.
  3. Hide the Openspace logout button by setting the lockdown.showLogoutButton property to false.
  4. Set the client.inactivity.warning and client.inactivity.tick properties to 0.
    This is because Openspace automatically reloads the Openspace URL after it has expired because of inactivity. If a user is still authenticated via Kerberos, Openspace returns to the tab that was in use at the point of expiry.
  5. Save and close the config.properties file.
  6. Log out and log back into Openspace for the changes to take effect.