Configure Kerberos Auth on TIBCO Spotfire Server
This article details how to configure Kerberos authentication for TIBCO Spotfire.
- Configured Kerberos Auth on a TIBCO Spotfire server
- Configured Remote Data Processor
For Kerberos Auth, having RDP running on Spotfire Server is preferred. RDP can also be deployed on a Windows device outside the Spotfire Server or Spotfire cluster.
In such case, the following requirements must be met:
- This server has to run within corporate Active Directory.
- Spotfire service account has to available from this device.
- 4444 port has to be available to listen to API responses.
The example below describes configuration with RDP deployed separately.
- Access HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
- OR depending on the OS version HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
- Add a new parameter using:
- Value Name: allowtgtsessionkey
- Value Type: REG_DWORD
- Value: 0x01
Locate and copy krb5.conf file from the TIBCO Server to the device where RDP is running
- Right-click Metric Insights Data Processor Daemon to access Properties
- Choose Log On tab
- Set up "Log On As" for Data Processor Service to work as a service account used on TIBCO Spotfire