Authentication

The Diagnostic & Monitoring Tool supports the following authentication methods:

  1. Local authentication.

  2. LDAP authentication.

  3. Single sign-on with an Identity Provider (IdP).

  4. Single sign-on with Kerberos.

If you have already configured the authentication in your installation, you will not need to configure it again in the Diagnostic & Monitoring Tool. It will reuse the current configuration.

In the Denodo Solution Manager installation, the authentication configuration is managed by Solution Manager. Remember that you can change this configuration in the menu Configuration > Authentication of the Solution Manager Administration Tool.

In the Denodo Platform installation, the Diagnostic & Monitoring Tool relies on the authentication configuration of Virtual DataPort for local authentication, LDAP authentication and single sign-on with Kerberos. This configuration is available in the option Administration > Server configuration > Server authentication of the Virtual DataPort Administration Tool.

If you want to configure single sign-on with an Identity Provider in a Denodo Platform installation, you need to:

  1. Enable single sign-on with an Identity Provider in a Solution Manager.

  2. Open the configuration of the Control Center in your Denodo Platform installation.

  3. Configure the values under the section Denodo Security Token Authentication, taking into account that:

    • Host is the hostname or IP address of the machine where the Solution Manager is installed.

    • Port is the port of the embedded web container in the Solution Manager installation. Its default value is 19090.

    • If you have enabled SSL in the Solution Manager installation, you have to check the Uses SSL/TLS option.

  4. Check the Enable Denodo Single Sign On for web applications option.

  5. Enable the Denodo Secutiry Token Authentication in the Virtual DataPort of your Denodo Platform installation.

Important

If you have configured single sign-on with Kerberos in your installation, remember to access the Diagnostic & Monitoring Tool using the Fully Qualified Domain Name of the Server Principal Name. For example, if your Server Principal Name in a Denodo Platform installation is HTTP/denodo-prod.subnet1.contoso.com@CONTOSO.COM, you should access the Diagnostic & Monitoring Tool through the URL http://denodo-prod.subnet1.contoso.com:9090/diagnostic-monitoring-tool or https://denodo-prod.subnet1.contoso.com:9443/diagnostic-monitoring-tool.