Configuring Authentication and Authorization

To enforce enterprise authentication and authorization requirements in TIBCO FTL servers and services, complete this task.

1. Select an authentication service.
   Choose one of the following:
   • The FTL server's internal flat-file authentication service
   • The sample external JAAS authentication service, in combination with your enterprise's LDAP service
   • Another external authentication service
   Tip: In this context, "internal" indicates that the authentication service is inside the FTL server process. "External" indicates that the authentication service is separate from the FTL server, and the FTL server connects to it.
2. Configure user names, passwords, and authorization groups.
   Configure user credentials either in a flat file, or in your enterprise LDAP, depending on your choice in step 1.
   For the file syntax of the internal authentication service, see "Using the Internal Flat-File Authentication Service" in TIBCO FTL Administration.
   • Ensure that users who run FTL servers are in the authorization group ftl-internal.
   • Ensure that administrators who configure the FTL realm definition are in the group ftl-admin.
   • Ensure that users who run FTL application programs or FTL services are in the group ftl.
   • Ensure that device users who run eFTL apps are in the appropriate publish and subscribe authorization groups.
   • You may also configure other authorization groups to manage access within your enterprise.
3. Start the external authentication service.
   • If you chose an external authentication service in step 1, start that service before starting the FTL server processes.

     To start the sample external JAAS service, complete the task "Using the External JAAS Authentication Service" in TIBCO FTL Administration.

   • If you chose the internal flat-file authentication service in step 1, no further action is necessary, as that service starts automatically when you start the FTL server.