Configuring Openspace to Use Kerberos

If you are using Kerberos with TIBCO Openspace, you must configure Openspace not to display the Openspace login page if the user is already authenticated by Kerberos, and not to display the Openspace logout button.

Prerequisites

TIBCO recommends you back up the config.properties file before amending it. The file is in the ActiveMatrix BPM configuration directory. For example:
  • Openspace:

    C:\ProgramData\amx-bpm\tibco\data\tibcohost\Admin-AMX BPM-AMX BPM Server\data_3.2.x\host\plugins\com.tibco.openspace.login_1.7.1.00n\resources\config.properties

  • Accessible Openspace:

    C:\ProgramData\amx-bpm\tibco\data\tibcohost\Admin-AMX BPM-AMX BPM Server\data_3.2.x\host\plugins\com.tibco.os.a11y.app_1.1.1.005\accessibility\config.properties

Procedure

  1. Open the config.properties file in a text editor.
  2. Ensure that the authenticate property has the value 0 to hide the Openspace login page if the user is already authenticated.
  3. Hide the Openspace logout button by setting the lockdown.showLogoutButton property to false.
  4. Set the client.inactivity.warning and client.inactivity.tick properties to 0.
    This is because Openspace automatically reloads the Openspace URL after it has expired because of inactivity. If a user is still authenticated via Kerberos, Openspace returns to the tab that was in use at the point of expiry.
  5. Save and close the config.properties file.
  6. Log out and log back into Openspace for the changes to take effect.