Product: TIBCO Spotfire®
Why a Computer Account rather than a User Account is necessary while performing NTLM SSO in TIBCO Spotfire Server.
Resolution:
TIBCO Spotfire is using a third-party component Jespa for handling NTLMv2 authentication in Java. See the attached Jespa Operators manual (Filename: Jespa_Operators_Manual.pdf). In this manual, refer to the sections “Requirements”, “Validating NTLM Credentials with the NETLOGON Service” and “Installation” for an explanation regarding why a computer account is required for NTLMv2 authentication to work.
The following is a short description.
==========================
The Jespa NtlmSecurityProvider can validate NTLM credentials using the NETLOGON service on Active Directory domain controllers just as a Windows server would. A Computer account must be created for Jespa to communicate with the NETLOGON service. A regular User account will be rejected by the NETLOGON service. This account will not refer to an actual computer. For this purposes, the Jespa instance using the Computer account is the "computer".
==========================
http://www.ioplex.com/d/Jespa_Operators_Manual.pdf?ts=1388612606
https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-5EEBEC46-47AC-4F37-B976-A5FBF368C242.html
Comments
0 comments
Article is closed for comments.