Configuring Authentication and Authorization
To enforce enterprise authentication and authorization requirements in TIBCO FTL realm servers and TIBCO eFTL servers, complete this task.
Procedure
-
Select an authentication service.
Choose one of the following:
-
Configure user names, passwords, and authorization groups.
Configure user credentials either in a flat file, or in your enterprise LDAP, depending on your choice in step 1.For the file syntax of the internal authentication service, see "Using the Internal Flat-File Authentication Service" in TIBCO FTL Administration.
- Ensure that users who run realm servers are in the appropriate authorization groups: ftl-primary, ftl-satellite, ftl-backup, ftl-dr.
- Ensure that administrators who configure the FTL realm are in the group ftl-admin.
- Ensure that users who run FTL application programs or FTL services are in the group ftl.
- Ensure that device users who run eFTL apps are in the appropriate publish and subscribe authorization groups.
- You may also configure other authorization groups to manage access within your enterprise.
-
Start the external authentication service.
- If you chose an external authentication service in step 1, start that service
before starting the realm server processes.
To start the sample external JAAS service, complete the task "Using the External JAAS Authentication Service" in TIBCO FTL Administration.
- If you chose the internal flat-file authentication service in step 1, no further action is necessary, as that service starts automatically when you start the realm server.
- If you chose an external authentication service in step 1, start that service
before starting the realm server processes.
Copyright © Cloud Software Group, Inc. All rights reserved.