Why a Computer Account rather than a User Account is necessary while performing NTLM SSO in TIBCO Spotfire Server.

Article ID: KB0077828

Products: Spotfire Server
Versions: All Versions

Description

Resolution:
TIBCO Spotfire uses a third-party component, Jespa, to handle NTLMv2 authentication in Java. See the attached Jespa Operators Manual (Filename: Jespa_Operators_Manual.pdf). In this manual, refer to the sections “Requirements”, “Validating NTLM Credentials with the NETLOGON Service” and “Installation” for an explanation of why a computer account is required for NTLMv2 authentication to work.

The following is a short description.
==========================
The Jespa NtlmSecurityProvider can validate NTLM credentials using the NETLOGON service on Active Directory domain controllers just as a Windows server would. A Computer account must be created for Jespa to communicate with the NETLOGON service. A regular User account will be rejected by the NETLOGON service. This account will not refer to an actual computer. For these purposes, the Jespa instance using the Computer account is the "computer".
==========================
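
The following Python check is an added example, not part of the TIBCO article or the Jespa manual. It tests whether a candidate service account is a computer account by inspecting its sAMAccountName and userAccountControl attributes. The function name and the sample records are assumptions constructed for illustration.

```python
# Added example: pre-flight check that the account configured for NTLM SSO
# is a computer account rather than a regular user account.
# Input values are AD attributes (sAMAccountName, userAccountControl) as they
# would appear in a directory export; the records below are constructed.

# userAccountControl bit flags documented by Microsoft
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200             # regular user account
WORKSTATION_TRUST_ACCOUNT = 0x1000  # computer (machine) account


def check_service_account(sam_account_name, user_account_control):
    """Return a list of problems; an empty list means the account looks usable."""
    uac = int(user_account_control)  # exports usually carry this as a string
    problems = []
    if not uac & WORKSTATION_TRUST_ACCOUNT:
        if uac & NORMAL_ACCOUNT:
            problems.append("regular user account: NETLOGON will reject it")
        else:
            problems.append("not flagged as a computer account")
    if not sam_account_name.endswith("$"):
        problems.append("sAMAccountName lacks the trailing '$' of a computer account")
    if uac & ACCOUNTDISABLE:
        problems.append("account is disabled")
    return problems


# Constructed sample records, not taken from a real directory.
SAMPLES = [
    {"sAMAccountName": "svc-spotfire", "userAccountControl": "512"},     # user
    {"sAMAccountName": "SPOTFIRE-NTLM$", "userAccountControl": "4096"},  # computer
    {"sAMAccountName": "SPOTFIRE-OLD$", "userAccountControl": "4098"},   # disabled computer
]

if __name__ == "__main__":
    for rec in SAMPLES:
        issues = check_service_account(rec["sAMAccountName"],
                                       rec["userAccountControl"])
        print(rec["sAMAccountName"], "OK" if not issues else "; ".join(issues))
```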

Issue/Introduction

Why a Computer Account rather than a User Account is necessary while performing NTLM SSO in TIBCO Spotfire Server.

Additional Information

http://www.ioplex.com/d/Jespa_Operators_Manual.pdf?ts=1388612606

https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-5EEBEC46-47AC-4F37-B976-A5FBF368C242.html

Attachments

Why a Computer Account rather than a User Account is necessary while performing NTLM SSO in TIBCO Spotfire Server.