Configure Kerberos Auth on TIBCO Spotfire Server
This article details how to configure Kerberos authentication for TIBCO Spotfire.
- Configured Kerberos Auth on a TIBCO Spotfire server
- Configured Remote Data Processor
For Kerberos Auth, having RDP running on Spotfire Server is preferred. RDP can also be deployed on a Windows device outside the Spotfire Server or Spotfire cluster.
In such case, the following requirements must be met:
- This server has to run within corporate Active Directory.
- Spotfire service account has to available from this device.
- 4444 port has to be available to listen to API responses.
The example below describes configuration with RDP deployed separately.
1. Change Registry Settings
- Access HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
- OR depending on the OS version HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
- Add a new parameter using:
- Value Name: allowtgtsessionkey
- Value Type: REG_DWORD
- Value: 0x01
2. Copy krb5.conf File from TIBCO Spotfire Server to the RDP Machine
Locate and copy krb5.conf file from the TIBCO Server to the device where RDP is running
3. Access Services and Locate Metric Insights Data Processor Daemon on RDP
- Right-click Metric Insights Data Processor Daemon to access Properties
- Choose Log On tab
- Set up "Log On As" for Data Processor Service to work as a service account used on TIBCO Spotfire