TIBCO Spotfire® Server and Environment - Installation and Administration

Enabling constrained delegation

This is the second step in the process of setting up Kerberos authentication with delegated credentials for your Spotfire implementation. It allows the Spotfire Server to delegate user credentials to nodes.

Procedure

  1. On the domain controller, go to Administrative Tools.
  2. Select Active Directory Users and Computers.
  3. Locate the Spotfire Server service account.
  4. To open the account properties, right-click the account name and then click Properties.
  5. On the Delegation tab, select Trust this user for delegation to specified services only.
    Note: The Delegation tab is visible only for accounts to which SPNs are mapped.
  6. Select Use any authentication protocol, and then click Add.
  7. Click Users or Computers and select each user account or machine account that runs the node manager service on your nodes.
    Note: If the node manager services are run by user accounts, you must first register SPNs for these. See Setting up Kerberos authentication on nodes.
  8. Select the http service for each account, and then click OK.
  9. Click Apply.

What to do next

Enabling constrained delegation on nodes