Using Kerberos to log in to the Spotfire database

To increase security in your Spotfire implementation, you might want to set up Spotfire Server to authenticate with the Spotfire database on Oracle and Microsoft SQL Server using the Kerberos protocol.

About this task

Note: This only affects how the database connections are authenticated and is not required for Spotfire Analyst clients or web clients to connect to Spotfire Server using the Kerberos authentication method.

Before you begin

Windows Domain Controllers running Windows Server 2008 R2 or later.
A computer with the Microsoft Active Directory Users and Computers MMC snap-in.
A computer with the Microsoft Support Tools installed.
A domain administrator account or a user account which is a member of the built-in Account Operators domain group, or any account with equivalent permissions.
The database server must already be installed and configured for both Kerberos authentication and user name/password authentication.
Microsoft Active Directory is used as Kerberos environment.
If the database is an Oracle database, then download Oracle's latest JDBC driver (ojdbc*.jar) from Oracle's web page.
If the database is a Microsoft SQL Server database, use the bundled Microsoft JDBC driver (sqljdbc*.jar). Version 4.0 of the sqljdc*.jar driver introduced the new authenticationScheme=JavaKerberos directive, which is required.

Procedure

Create a Windows domain account for the Spotfire database.
Create the Spotfire database.
- If you are using SQL Server database: Edit and run the create_databases_ia.bat script. This creates a SQL Server database account and connects it to the previously created Windows domain account. For instructions, see Setting up the Spotfire database (SQL Server with Integrated Windows authentication).
- If you are using Oracle database: Edit and run the create_databases.bat script. This will create a normal Oracle database account that authenticates with user name and password; for instructions on creating the database account, see Setting up the Spotfire database (Oracle).
Oracle database only: Configure the Spotfire database account to the Windows domain account.
Install Spotfire Server.
Install a vendor database driver; see Database drivers.
Configure Kerberos for Java.
Optional: Create a keytab file for the Kerberos service account.
Create a JAAS application configuration for the Spotfire database connection pool.
Register the JAAS application configuration file with Java.
Connect to the Spotfire database by running the bootstrap command or by using the configuration tool; see Configuring the database connection for Spotfire Server using Kerberos (Oracle) or Configuring the database connection for Spotfire Server using Kerberos (SQL Server).