Determine authentication setting
Spotfire Statistics Services uses user properties, Active Directory (AD), or LDAP to authenticate users. Whether Spotfire Statistics Services checks for credentials depends on the authentication property settings.
The properties files that control authentication are spserver.properties, users.properties, and ldap.properties.
- In a cluster, the properties files (such as ldap.properties) are stored in the conf directory under SPSERVER_SHARE.
- In a standalone installation, the properties files are stored in the conf directory under SPSERVER_HOME.
In the file spserver.properties, enable authentication globally by setting the authentication.required property to true. (It is set to false by default.)
The simplest form of user authentication for Spotfire Statistics Services is an in-memory authentication list, controlled by the file users.properties. If authentication is enabled, this file is always checked first, before LDAP or Active Directory is checked. If neither LDAP nor Active Directory is specified, Spotfire Statistics Services checks this file for the user login ID and role. Users for this form of authentication can be assigned the roles ROLE_USER, ROLE_ADMIN, or both.
For more sophisticated systems, user credentials for login authentication, e-mail access, and other such activities requiring user access are verified against either the Active Directory or the LDAP provider. To establish authentication with one of these systems, you must set the following properties in the file ldap.properties, according to your organization's requirements.
- If you are using Active Directory for authentication, set the property activeDirectory.enabled to true. (It is set to false by default.)
- If you are using LDAP for authentication, set the property ldap.enabled to true. (It is set to false by default.)
If you enable authentication on the server, and then set these properties to false, the users.properties authentication is used.
If you enable authentication on the server, set either of these properties to true, and then configure the appropriate service correctly, the authentication process accesses the enabled service, and the server searches the database.
If you set either of these properties to true, but the corresponding service (that is, Active Directory or LDAP) is not configured correctly (for example, because the ldap.host property in the ldap.properties file is empty), the authentication process fails silently, and it appears as if the user credentials are wrong. Check the log file for more information. (See configure engine logging.)
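The following added example (not part of the product or its documentation) audits the settings described above and reports the effective authentication path, flagging the silent-failure case before users hit it. It assumes plain key=value properties files, treats a missing file as all defaults, and checks ldap.host only when ldap.enabled is true; the function names and sample contents are constructed for illustration.

```python
from pathlib import Path

def load_properties(text):
    """Parse simple key=value properties text (line continuations not handled)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    # Per the page, each of these properties is false by default.
    return props.get(key, "false").lower() == "true"

def audit(spserver, ldap):
    """Return (mode, findings) for parsed spserver.properties / ldap.properties."""
    if not is_true(spserver, "authentication.required"):
        return "disabled", ["authentication.required is not true: authentication is off"]
    enabled = [name for name, key in (("Active Directory", "activeDirectory.enabled"),
                                      ("LDAP", "ldap.enabled")) if is_true(ldap, key)]
    if not enabled:
        return "users.properties only", []
    findings = []
    # Assumption: ldap.host is checked only for LDAP; it is the page's one
    # named example of a misconfiguration that makes logins fail silently.
    if "LDAP" in enabled and not ldap.get("ldap.host"):
        findings.append("ldap.enabled=true but ldap.host is empty: logins fail silently")
    return "users.properties, then " + " and ".join(enabled), findings

def audit_conf_dir(conf_dir):
    """Audit a conf directory; a missing file is treated as all defaults (assumption)."""
    def read(name):
        path = Path(conf_dir) / name
        return load_properties(path.read_text()) if path.is_file() else {}
    return audit(read("spserver.properties"), read("ldap.properties"))

# Constructed sample file contents, not taken from a real installation.
SAMPLE_SPSERVER = "# constructed sample\nauthentication.required=true\n"
SAMPLE_LDAP = "activeDirectory.enabled=false\nldap.enabled=true\nldap.host=\n"

if __name__ == "__main__":
    mode, findings = audit(load_properties(SAMPLE_SPSERVER), load_properties(SAMPLE_LDAP))
    print("effective authentication:", mode)
    for finding in findings:
        print("WARNING:", finding)
```

Point audit_conf_dir at the conf directory under SPSERVER_HOME (standalone) or SPSERVER_SHARE (cluster) to check a real installation.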