Setting up Kerberos authentication on Spotfire Server
If you intend to use the Kerberos authentication method on your system, the first thing you must do is to set up Spotfire Server to use Kerberos.
The following steps are required to configure Spotfire Server for the Kerberos authentication method. Steps 1-3 are performed as a Domain Administrator. Steps 4-7 are performed in Spotfire Server. See step 1 for a list of the prerequisites.
- Creating a Kerberos service account
Creating a Kerberos service account is the first step in configuring Spotfire Server for the Kerberos authentication method. - Registering Service Principal Names
Registering Service Principal Names (SPN) is the second step in configuring Spotfire Server for the Kerberos authentication method. - Creating a keytab file for the Kerberos service account
Creating the keytab file is the third step in configuring Spotfire Server for the Kerberos authentication method. - Configuring Kerberos for Java
Configuring Kerberos for Java by editing the krb5.conf file is the fourth step in configuring Spotfire Server for the Kerberos authentication method. - Copying the Kerberos service account’s keytab file to Spotfire Server
Copying the keytab file to Spotfire Server is the fifth step in configuring Spotfire Server for the Kerberos authentication method. - Using Kerberos authentication with delegated credentials
Users can authenticate to different data sources using single sign-on login information. The server can delegate the user authentication to the data source, either through Information Services, or through a connector. This is possible only if you use Kerberos single sign-on. - Selecting Kerberos as the Spotfire login method
Selecting Kerberos as the Spotfire login method is the sixth step in configuring Spotfire Server for the Kerberos authentication method. You can use the configuration tool, or use the command line as detailed in this procedure. - Disabling the username and password fields in the Spotfire Analyst login dialog
Because the Kerberos authentication method provides single sign-on capabilities, there is no need to prompt the end user for user name and password in the Spotfire Analyst login dialog. - Kerberos authentication for clustered servers with load balancer
In a clustered environment where Kerberos authentication is used to authenticate users, the load balancer forwards all Kerberos authentication information to the Spotfire Servers. No configuration on the load balancer is needed, but there are certain considerations to take into account when Kerberos authentication is set up.
Parent topic: Kerberos authentication