Datasynapse GridServer 5.2.x, 6.3.x & 7.0.0 Windows Authentication setup


Article ID: KB0073207


Products Versions
TIBCO DataSynapse GridServer 5.2.x, 6.3.x, 7.0

Description

Detailed steps for enabling Windows Authentication on Datasynapse GridServer.

Issue/Introduction

Detailed steps for Windows Authentication setup in Datasynapse GridServer 5.2.x, 6.3.x & 7.0.0

Environment

Windows

Resolution

1. Stop the managers.

2. Install the third-party library JAR with the following command, where version is the version of GridServer you are installing, and the path is the DS_MANAGER path:
java -jar TIB_gridserver_version-lgpl.jar [GS_INSTALL_path]
 
3. Install the unlimited strength JCE for your Java SDK. The files reside in DS_MANAGER/webapps/livecluster/WEB-INF/etc/jce. Follow the instructions in the README.txt for your SDK to install the files.

4. If you created a GridServer Windows Service, you have to remove it and create it again. Then, start the manager from Primary Director.

5. In the Manager GUI from Primary Director, go to Admin -> User Admin -> Authentication
  • Select Windows as Authentication Mode
  • Set your full domain in the Windows Domain textbox (for example, dev.tibco.com)
  • Save changes
6. Restart the Primary Director manager.

7. Windows Authentication is now set up in the GridServer.

However, we still need to do an additional step on each user’s browser. See the following steps:

8. Browser Configuration (Page 30, from our GridServer 7.0.0 Admin Guide https://docs.tibco.com/pub/dsp_gridserver/7.0.0/doc/pdf/TIB_dsp_gridserver_7.0_grid_admin_guide.pdf )
“Users’ browsers must be configured to use Negotiate authentication. For example, in Microsoft Edge, you add the URL to the Enterprise Mode site list. In Firefox, you use the network.negotiate-auth.trusted-uris config parameter. See your browser’s documentation for details.

If a user’s browser is not configured and they attempt to log in to the Administration Tool, the browser will present them with a challenge popup screen, and they can log in manually.”
  • For Chrome and Edge:
    • From the Control Panel, go to Network and Internet → Internet Options → Security.
    • Click Trusted Sites, then click Custom Level.
    • Under User Authentication, select Automatic logon with current user name and password. Click OK.
    • On the Security tab, click Trusted Sites, then click Sites.
    • In the Add this website to the zone field, enter the GridServer server's hostname and click Add. Click Close.
    • Note: You can include an asterisk in front of the domain suffix to trust any host name within the AD domain (for example, *.dev.tibco.com).
  • For Firefox
    • In the Firefox address bar, enter about:config. Click I accept the risk!
    • Search for the following preferences:
      • network.negotiate-auth.trusted-uris
      • network.automatic-ntlm-auth.trusted-uris
    • Double-click each of the preferences and enter any host or domain names in the Enter string value field, separated by commas. Click OK.
    • Note: You can add a period in front of the domain suffix to trust any hostname within the domain (for example, .dev.tibco.com).
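To check a Firefox profile after the steps above, the following added example (not taken from TIBCO's documentation) parses the text of a profile's prefs.js and reports how the two preferences are scoped, since a domain-suffix entry enables automatic logon for every host in the domain rather than only the GridServer manager. The hostname gridserver01.dev.tibco.com and the sample profile text are constructed for illustration.

```python
import re

# The two Firefox preferences named in the steps above.
AUTH_PREFS = (
    "network.negotiate-auth.trusted-uris",
    "network.automatic-ntlm-auth.trusted-uris",
)

# One string-valued line of prefs.js / user.js: user_pref("name", "value");
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')

# Constructed sample profile text; the hostname is hypothetical.
SAMPLE = '''\
user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.trusted-uris", "gridserver01.dev.tibco.com, .dev.tibco.com");
'''


def parse_prefs(text):
    """Return {name: value} for the string-valued prefs found in text."""
    matches = (PREF_LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}


def audit(text, expected_host):
    """Return (pref, entry, finding) tuples; expected_host is the GridServer hostname."""
    prefs = parse_prefs(text)
    findings = []
    for name in AUTH_PREFS:
        entries = [e.strip().lower() for e in prefs.get(name, "").split(",") if e.strip()]
        if not entries:
            findings.append((name, "", "not set: users get the challenge popup"))
        for entry in entries:
            # Drop an optional scheme, path and port to isolate the host part.
            host = entry.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
            if not host:
                findings.append((name, entry, "entry has no host part"))
            elif host.startswith("."):
                findings.append((name, entry, "domain suffix: every host in the domain is trusted"))
            elif host != expected_host.lower():
                findings.append((name, entry, "host other than the GridServer manager"))
    return findings


if __name__ == "__main__":
    for pref, entry, finding in audit(SAMPLE, "gridserver01.dev.tibco.com"):
        print(f"{pref}: {entry or '(empty)'} -> {finding}")
```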

Additional Information

The above steps were found by doing some research on the Web; we tested them at our end, and they worked, since the credentials popup no longer appears each time you open a new browser/tab.

The following articles describe how to do what is described above and are listed for future reference:

https://docs.pingidentity.com/bundle/solution-guides/page/lct1569362642501.html
https://docs.pingidentity.com/bundle/solution-guides/page/pto1569440748606.html