Configuring Authentication and Authorization
Complete this task to enforce enterprise authentication and authorization requirements in TIBCO FTL servers and services.
Note: Having secure mode on and authentication not enabled is not a recommended configuration.
Procedure
- Select an authentication service.
  Choose one of the following:
  - The FTL server's internal flat-file authentication service
  - The sample external JAAS authentication service, in combination with your enterprise's LDAP service
  - Another external authentication service
  Tip: In this context, "internal" indicates that the authentication service is inside the FTL server process. "External" indicates that the authentication service is separate from the FTL server, and the FTL server connects to it.
- Configure user names, passwords, and authorization groups.
  Configure user credentials either in a flat file, or in your enterprise LDAP, depending on your choice in step 1. For the file syntax of the internal authentication service, see "Using the Internal Flat-File Authentication Service" in TIBCO FTL Administration.
  - Ensure that users who run FTL servers are in the authorization group ftl-internal.
  - Ensure that administrators who configure the FTL realm definition are in the group ftl-admin.
  - Ensure that users who run FTL application programs or FTL services are in the group ftl.
  - Ensure that device users who run eFTL apps are in the appropriate publish and subscribe authorization groups.
  - You may also configure other authorization groups to manage access within your enterprise.
- Start the external authentication service.
  Perform one of the following, based on whether you chose an external or internal authentication service in step 1:
  - If you chose an external authentication service in step 1, start that service before starting the FTL server processes. To start the sample external JAAS service, complete the task "Using the External JAAS Authentication Service" in TIBCO FTL Administration.
  - If you chose the internal flat-file authentication service in step 1, no further action is necessary, as that service starts automatically when you start the FTL server.
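
The group requirements in step 2 can be audited before the servers start. The script below is an added example, not TIBCO code: it assumes each credentials line has the form `user: password, group, ...` (confirm against "Using the Internal Flat-File Authentication Service"), and the `DUTIES` map, user names and passwords are constructed. It goes slightly beyond the procedure by also flagging accounts that hold ftl-internal or ftl-admin without a matching duty.

```python
# Added example (not TIBCO code). ASSUMPTION: one "user: password, group, ..."
# entry per line; check the real syntax in TIBCO FTL Administration.
REQUIRED = {"server": "ftl-internal", "admin": "ftl-admin", "app": "ftl"}

def parse_users(text):
    """Return {user: set(groups)}; the password field is never kept."""
    users = {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        name, sep, rest = raw.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"line {n}: expected 'user: password, group, ...'")
        fields = [f.strip() for f in rest.split(",")]
        users[name.strip()] = {g for g in fields[1:] if g}
    return users

def audit(users, duties):
    """duties maps user -> set of duties ('server', 'admin', 'app')."""
    findings = []
    for user in sorted(duties):
        groups = users.get(user)
        if groups is None:
            findings.append(f"{user}: no entry in credentials file")
            continue
        for duty in sorted(duties[user]):
            if REQUIRED[duty] not in groups:
                findings.append(f"{user}: missing {REQUIRED[duty]} (needed for {duty})")
    # Least privilege: ftl-internal / ftl-admin held without the matching duty.
    for user in sorted(users):
        for duty in ("admin", "server"):
            if REQUIRED[duty] in users[user] and duty not in duties.get(user, set()):
                findings.append(f"{user}: holds {REQUIRED[duty]} without {duty} duty")
    return findings

# Constructed sample data: users, passwords and duties are invented.
SAMPLE = """\
ftlsrv: constructed-pw-1, ftl-internal
alice: constructed-pw-2, ftl-admin, ftl
orders-app: constructed-pw-3
bob: constructed-pw-4, ftl, ftl-admin
"""
DUTIES = {"ftlsrv": {"server"}, "alice": {"admin"}, "orders-app": {"app"},
          "bob": {"app"}, "carol": {"admin"}}

if __name__ == "__main__":
    for finding in audit(parse_users(SAMPLE), DUTIES):
        print(finding)
```
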
What to do next
Complete the task "Securing FTL Servers".