Using Kerberos to log in to the Spotfire database
To increase security in your Spotfire implementation, you might want to set up Spotfire Server to authenticate with the Spotfire database on Oracle and Microsoft SQL Server using the Kerberos protocol.
About this task
Note: This only affects
how the database connections are authenticated and is not required for
Spotfire
Analyst clients or web clients to connect to
Spotfire Server
using the Kerberos authentication method.
Before you begin
- Windows Domain Controllers running Windows Server 2008 R2 or later.
- A computer with the Microsoft Active Directory Users and Computers MMC snap-in.
- A computer with the Microsoft Support Tools installed.
- A domain administrator account or a user account which is a member of the built-in Account Operators domain group, or any account with equivalent permissions.
- The database server must already be installed and configured for both Kerberos authentication and user name/password authentication.
- Microsoft Active Directory is used as Kerberos environment.
- If the database is an Oracle database, then download Oracle's latest JDBC driver (ojdbc*.jar) from Oracle's web page.
- If the database is a Microsoft SQL Server database, use the bundled Microsoft JDBC driver (sqljdbc*.jar). Version 4.0 of the sqljdc*.jar driver introduced the new authenticationScheme=JavaKerberos directive, which is required.
Procedure
- Creating a Windows domain account for the Spotfire database
Creating a Windows domain account for the database is the first step in setting up Kerberos authentication for database connections. - Configuring the Spotfire database account to the Windows domain account
If you are using an Oracle database, this is the third step in setting up Kerberos to log in to the Spotfire database. - Keytab file for the Kerberos service account
There are several methods for creating the keytab file for the Kerberos service account. - Creating a JAAS application configuration for the Spotfire database connection pool
Follow these instructions to create a JAAS application configuration for the Spotfire database connection pool. - Registering the JAAS application configuration file with Java
After you have created the spotfire-database.login file, it must be registered in Java. - Configuring the database connection for Spotfire Server using Kerberos (SQL Server)
If you use an SQL Server database, follow these instructions to configure the database connection for Spotfire Server. - Configuring the database connection for Spotfire Server using Kerberos (Oracle)
If you use an Oracle database, follow these instructions to configure the database connection for Spotfire Server.
Parent topic: Kerberos authentication