Client Authentication and Authorization
TIBCO eFTL services can use an external authentication service to authenticate and authorize eFTL clients.
For security-enabled clusters, you can authorize eFTL clients to publish or subscribe on a channel for that cluster by assigning them a role, then adding that role to the channel's authorization groups via the administrative UI or the realm JSON configuration file as follows:
- Publish Group — Only eFTL clients with a role that is in this group can publish.
- Subscribe Group — Only eFTL clients with a role that is in this group can subscribe.
To enable authentication and authorization for a cluster of eFTL services, see “Authorization” in Channel Details Panel.
To assign authorization groups to a channel, see Authorization.
One file configures authentication for both the FTL servers and the eFTL services. For an example, see the authentication configuration file in the samples directory.
- JAAS Login Modules
TIBCO eFTL services support JAAS login modules through the TIBCO FTL server.