Configuring TrueSight Smart Reporting - Platform to use Kerberos authentication
Kerberos authentication support is available for TrueSight Capacity Optimization on the Linux platform. With support for Kerberos authentication, all components that connect to a database do not use user name and password for authentication.
Kerberos authentication support is available for the following product versions:
- TrueSight Smart Reporting - Platform version 20.02.02
TrueSight Capacity Optimization version 20.02.01.C00006
Important: Follow these steps to install TrueSight Capacity Optimization 20.02.01.C00006
- In the TrueSight Capacity Optimization console, go to Administration > System > Maintenance.
- In the Upload patch or additional package file area on the Maintenance page, click Browse to select the required patch file and click Upload.
- Once the upload is complete, follow the wizard to confirm and install the hotfix.
For detailed instructions, see the TrueSight Capacity Optimization documentation .
This topic describes how to configure TrueSight Smart Reporting - Platform to use the Kerberos authentication.
Before you begin
Ensure that the following conditions are met:
- The TrueSight Smart Reporting - Platform repository schema and the TrueSight Capacity Optimization schema are installed on the same Oracle instance. The TrueSight Smart Reporting - Platform repository user needs access to the TrueSight Capacity Optimization schema.
- The Kerberos client is installed and configured on the server where you installed TrueSight Smart Reporting - Platform.
- TrueSight Smart Reporting - Platform repository user is set as external on the Oracle database, so that they are authenticated by Kerberos.
- Oracle database sessions are automatically reinitialized before they expire.
To configure TrueSight Smart Reporting - Platform for Kerberos authentication
Do the following:
- Stop the TrueSight Smart Reporting - Platform service.
- In the Oracle database, change the database user to External user. Perform the following steps to change the database user:
- In the repository database, run the following command:
ALTER USER <SMARTREPORTINGUSER> IDENTIFIED EXTERNALLY AS '<SMARTREPORTINGUSER>@<domain>';
- Add the user in the Key Distribution Center (KDC) server. Use the following commands in the order shown:
kadmin.local
Use this command to open the kadmin console.addprinc <smartreportinguser>
When prompted, provide the password.getprincs
Use this command to verify that the user is added in the list of princs.
- On the TrueSight Smart Reporting - Platform server, initialize the session for the user. Use the following commands in the order shown:
kinit <smartreportinguser>
klist
Use this command to check the initialized session.
- In the repository database, run the following command:
Update the <TrueSight Smart Reporting - Platform Home>\appserver\webapps\ROOT\WEB-INF\web.xml file. Add following tag after the
JDBCUrl
tag:Note: Verify the krbf.conf file path
If the krb5.conf file is not saved in the default /etc directory, update the krb5.conf file path in the following tag.
<init-param> <param-name>SystemProperty_java.security.krb5.conf</param-name> <param-value>/etc/krb5.conf</param-value> </init-param> <init-param> <param-name>JDBCProperty_oracle.net.authentication_services</param-name> <param-value>(KERBEROS5)</param-value> </init-param> <init-param> <param-name>JDBCProperty_oracle.net.kerberos5_mutual_authentication</param-name> <param-value>true</param-value> </init-param>
Use the following image as a reference. The highlighted section in this image shows the tag to be added:
- On the TrueSight Smart Reporting - Platform database, run the following command:
INSERT INTO Configuration VALUES (1, 'SYSTEM', 'KERBEROSFORALLDATASOURCES', 'TRUE');
- Grant the BCO_REP_ROLE role to the TrueSight Smart Reporting - Platform repository user. Run the following command:
Grant BCO_REP_ROLE to <SMARTREPORTINGUSER>;
- Start the TrueSight Smart Reporting - Platform service.
Comments
Log in or register to comment.