You can translate the question and the replies:

Kerberos vs third party identity provider

The documentation is rather vague on the scope of the different SSO authentication methods There is basically SSO using either Kerberos or a third party integrator using SAML/Oauth etc. Thats clear. Whats not clear however is what parts of the Denodo suite (or tiers if you like) are covered by what. The security trial in this very community states (summarized): * Using an LDAP server * Leveraging Kerberos * **In addition,** users can authenticate to web services in the Denodo Platform using SAML or OAuth 2.0, t * Integration with Credentials Vault So apparantly there is a dependancy as it states "in addition"? Is SAML/OAuth only restricted to web services? And with that you are forced to use Kerberos for the VDP client?
user
28-06-2022 09:01:01 -0400
code

5 Answers

Hello, SAML/OAuth are not restricted to web services only, I could use them for the Denodo Virtual DataPort server authentication. I could customize the user experience when I set-up the authentication by choosing the authentication of my preference. The document [Server Authentication](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/server_configuration/server_authentication/server_authentication) describes the options available for authentication in Virtual DataPort server. The document [Web Services Authentication](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/publication_of_web_services/web_services_authentication/web_services_authentication) shows authentication methods support by SOAP and REST Web services. To authenticate with Single Sign-On, I could enable it in the Solution Manager. The document [Authenticating with Single Sign-On](https://community.denodo.com/docs/html/browse/latest/en/solution_manager/administration/authentication_and_authorization/authenticating_with_sso/authenticating_with_sso) describes how can configure the Single Sign-On in the Solution Manager. I would use these documents as a useful reference. Hope this helps!
Denodo Team
28-06-2022 18:22:06 -0400
code
Well, VDP Admin tool seems to support only basic and kerberos for example.
user
29-06-2022 04:52:37 -0400
Hello, You're right in that that is true for the **VDP administration tool**. It is restricted to native, LDAP, and Kerberos users. For clients generally, there are the previously mentioned authentication methods to the VDP server, depending on how you connect, the details of which are outlined in the linked documentation. Hope this helps!
Denodo Team
30-06-2022 17:12:00 -0400
code
I came up with this overview based on the given documentation. Is this good/correct/usefull? | Protocol | Used with | SSO | MFA | | -------- | -------- | -------- | -------- | | LDAP | Clients | No | No | | Kerberos | Clients | Yes | No | | SAML | The REST web services published by Virtual DataPort  | Yes | Yes, through ADFS | | Oauth | JDBC, ODBC, REST and SOAP web services published from Virtual DataPor | No | No | | Denodo Security Token Authentication | Single Sign On in Denodo applications and to allow Denodo Solution Manager to automate certain administrative actions on other Denodo servers | Between Denodo applications | No |
user
01-07-2022 07:09:59 -0400
Hello, The overview table looks great. Just to add to your understanding of Denodo Security, I would also like to mention that to accomplish single sign-on using an Identity Provider, the Solution Manager includes a system called Denodo Security Token, which uses the authentication protocols: SAML, OAuth, OpenID Connect. In addition, the Solution Manager also supports Kerberos authentication. The knowledge base document [Denodo Security Overview](https://community.denodo.com/kb/en/view/document/Denodo%20Security%20Overview) describes an overview of Denodo Security. I would use these documents as a useful reference. Having said that, Denodo also offers a comprehensive set of training courses, taught by technical instructors in-depth guided training in the usage of the Denodo Platform. You can Check out [Denodo training courses](https://www.denodo.com/en/denodo-platform/services/education/training). Hope this helps!
Denodo Team
01-07-2022 19:40:46 -0400
code
You must sign in to add an answer. If you do not have an account, you can register here