Configuring TIBCO ActiveMatrix BPM to Use Integrated Windows Authentication With SQL Server

You can configure the communication between TIBCO ActiveMatrix BPM and the database to use Integrated Windows Authentication (IWA) rather than the database user account.

Procedure

  1. Stop the ActiveMatrix BPM application:
    1. In TIBCO Configuration Tool, on the Create new configurations dialog, click Edit ActiveMatrix BPM > Edit ActiveMatrix BPM Instance.
    2. In the wizard, select Stop AMX-BPM Product Application from the Edit Action to be Performed list.
    3. On the Summary screen, click Configure, then wait until the ActiveMatrix BPM application has stopped.
  2. Connect to SQL Server Management Studio as an administrator of the SQL Server Instance.
  3. Right-click your SQL Server instance and select Properties.
  4. On the Server Properties dialog, select Security and ensure that SQL Server and Windows Authentication mode is selected.
  5. Click OK to close the Server Properties dialog.
  6. Drill down to SQL_server_instance > Security > Logins, right-click on the user name of the login that TIBCO ActiveMatrix BPM runs as, then select Properties.

    By default this user is machinename/Administrator, where machinename is the name of the machine on which you have installed TIBCO ActiveMatrix BPM.

  7. Configure the bpm database:
    1. On the Login Properties dialog, select User Mapping.
    2. From the Users mapped to this login box, select bpm to add the current user name as a user in the bpm database.
    3. From the Default Schema column for the bpm database, click Browse.
    4. On the Select Schema dialog, click Browse and select the amxbpm schema.
    5. Click OK twice to close the dialogs.
    6. In the Database role membership for: bpm box, select the following memberships:
      • db_datareader
      • db_datawriter
      • db_ddladmin
      • public
      • SqlJDBCXAUser
    7. From the Login Properties dialog, click Server Roles, then deselect all of the server roles except public.
  8. Configure the master database:
    1. From the Login Properties dialog, click User Mapping.
    2. From the Users mapped to this login box, select master to add the current username as a user in the master database.
    3. From the Default Schema column for the master database, click Browse.
    4. On the Select Schema dialog, click Browse and select the dbo schema.
    5. Click OK twice to close the dialogs.
    6. In the Database role membership for: master box, select the following memberships:
      • public
      • SqlJDBCXAUser
  9. Update all of the datasources:
    1. Click Shared Objects > Resource Templates.
    2. In the upper-left pane, select "JDBC" in the Type field, select Environment and choose "BPMEnvironment", then select Application.
    3. Select a datasource from the list in the Resource Templates box.
    4. In the lower pane, select the Advanced tab, then click Add in the Connection Properties section to add a new datasource property.
    5. In the Name box, type "integratedSecurity".
    6. In the Value box, type "true".

    7. Click Save to save your changes.

      You are prompted to apply the changes in the resource template to the runtime.

    8. Click Save to apply the changes to the runtime.
    9. Repeat substeps 3 - 8 of step 9 for each datasource.
  10. Re-install the JDBC datasource resource instances:
    1. Click Infrastructure > Hosts.
    2. From the Hosts box, click SystemHost.
    3. In the SystemHost section, click the Resource Instances tab.
    4. Select the All Instances folder in the left pane.
    5. In the View field, choose JDBC.
    6. Select a datasource instance, then click Install.

      When the datasource has finished installing, the Action Status changes to Install Successful.

    7. Repeat substeps 5 - 6 of step 10 for each datasource instance.
  11. Copy the sqljdbc_auth.dll file from the folder where you installed your JDBC drivers, and paste it into a directory specified in the PATH system variable (for example, C:\Windows\system32).
  12. Restart the BPM node.
    1. From ActiveMatrix Administrator, click Infrastructure > Nodes.
    2. From the Nodes box, select your BPM node and click Restart.

    When the BPM node is fully restarted, the JDBC resource instances appear as 'Running' and 'In Sync', with the Action History reporting 'Install Successful'. The ActiveMatrix BPM application (amx.bpm.app) is 'Stopped' and 'In Sync'. You can then proceed to the next step.

  13. Restart the ActiveMatrix BPM application:
    1. In TIBCO Configuration Tool, on the Create new configurations dialog, click Edit ActiveMatrix BPM > Edit ActiveMatrix BPM Instance.
    2. In the wizard, select Start AMX-BPM Product Application from the Edit Action to be Performed list.
    3. On the Summary screen, click Configure, then wait until the ActiveMatrix BPM application has started.
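
The user mapping and role membership from steps 7 and 8 can also be scripted and checked in T-SQL. The script below is an added example, not part of the TIBCO procedure: [MACHINENAME\Administrator] is a placeholder for the Windows login that ActiveMatrix BPM runs as, and the script assumes that login already exists, that the SqlJDBCXAUser role exists in both databases, and that the server is SQL Server 2012 or later (for ALTER ROLE ... ADD MEMBER).

```sql
-- Added example. [MACHINENAME\Administrator] is a placeholder: substitute the
-- Windows login that ActiveMatrix BPM runs as.
USE bpm;
GO
-- Step 7: map the login into bpm with amxbpm as its default schema.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'MACHINENAME\Administrator')
    CREATE USER [MACHINENAME\Administrator]
        FOR LOGIN [MACHINENAME\Administrator] WITH DEFAULT_SCHEMA = amxbpm;
ELSE
    ALTER USER [MACHINENAME\Administrator] WITH DEFAULT_SCHEMA = amxbpm;
-- Membership of public is implicit and needs no statement.
ALTER ROLE db_datareader ADD MEMBER [MACHINENAME\Administrator];
ALTER ROLE db_datawriter ADD MEMBER [MACHINENAME\Administrator];
ALTER ROLE db_ddladmin   ADD MEMBER [MACHINENAME\Administrator];
ALTER ROLE SqlJDBCXAUser ADD MEMBER [MACHINENAME\Administrator];
-- Check: the four roles granted above should be the only rows listed.
SELECT r.name AS bpm_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'MACHINENAME\Administrator';
GO
USE master;
GO
-- Step 8: map the login into master with dbo as its default schema.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'MACHINENAME\Administrator')
    CREATE USER [MACHINENAME\Administrator]
        FOR LOGIN [MACHINENAME\Administrator] WITH DEFAULT_SCHEMA = dbo;
ELSE
    ALTER USER [MACHINENAME\Administrator] WITH DEFAULT_SCHEMA = dbo;
ALTER ROLE SqlJDBCXAUser ADD MEMBER [MACHINENAME\Administrator];
-- Check for substep 7 of step 7: the login should hold no server role other
-- than public, so this query should return no rows.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = N'MACHINENAME\Administrator' AND r.name <> N'public';
GO
```

The last query only reports roles granted directly to the login; server roles inherited through a Windows group are not listed against it.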