Configure Kerberos Auth on TIBCO Spotfire Server
This article details how to configure Kerberos authentication for TIBCO Spotfire.
PREREQUISITES:
- Configured Kerberos Auth on a TIBCO Spotfire server
- Configured Remote Data Processor
NOTE:
For Kerberos Auth, having RDP running on Spotfire Server is preferred. RDP can also be deployed on a Windows device outside the Spotfire Server or Spotfire cluster.
In such case, the following requirements must be met:
- This server has to run within corporate Active Directory.
- Spotfire service account has to available from this device.
- 4444 port has to be available to listen to API responses.
The example below describes configuration with RDP deployed separately.
1. Change Registry Settings
- Access HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
- OR depending on the OS version HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
- Add a new parameter using:
- Value Name: allowtgtsessionkey
- Value Type: REG_DWORD
- Value: 0x01
2. Copy krb5.conf File from TIBCO Spotfire Server to the RDP Machine
Locate and copy krb5.conf file from the TIBCO Server to the device where RDP is running