
Authentication

After opening the tool, the user is shown a form asking for the URI of the Scheduler Server to connect to. The URI of the server has the format //<host>:<port>/. If the tool has not been configured to use Kerberos or Denodo Single Sign On authentication, the user must also provide a user name and password to connect, as shown in the Authentication screen.

The Scheduler supports the following authentication methods:

  • Authentication with login and password. To log in, you need to provide a username and a password. The Scheduler servers delegate the authentication to a Virtual DataPort server (see section Virtual DataPort Settings for instructions about how to configure it). This allows access to Scheduler with the existing Virtual DataPort users (including the Virtual DataPort “admin” user). Scheduler also retrieves the roles that have been assigned to the user on that server (roles can be created and assigned from the Virtual DataPort Administration Tool, see the Virtual DataPort Administration Guide). Scheduler allows assigning permissions to a specific role, to limit the tasks a user with that role can perform on the Scheduler server. The permissions are assigned from the Scheduler Administration Tool (see section Permissions for more information).

  • Single sign-on with Kerberos. The browser automatically provides a Kerberos ticket that identifies the user logged in to the system. The Scheduler sends it to your Kerberos server, typically an Active Directory, which performs the authentication.

  • Single sign-on with an Identity Provider. The Scheduler delegates the authentication to an external Identity Provider. Currently, the authentication protocols supported are:

    • SAML

    • OAuth

    • OpenID Connect

If the administrator enabled single sign-on with Kerberos or with an Identity Provider but you want to log in with user and password, go to https://denodo-server.acme.com:9443/webadmin/denodo-scheduler-admin?auth=login.

Note

You cannot configure Single sign-on with Kerberos and Single sign-on with an Identity Provider at the same time.

Note

Single sign-on is automatically configured when accessing Scheduler from Agora. Also, authentication with login and password is disabled.

Authentication screen


Scheduler servers allow list

To restrict the Scheduler servers that users can connect to from the Scheduler Web Administration Tool to a list of allowed hostnames, set the parameter allowedSchedulerHostnames in the Scheduler Web Administration Tool configuration file <DENODO_HOME>/conf/scheduler-webadmintool/ConfigurationParameters.properties. This change will take effect the next time the Scheduler Web Administration Tool server restarts.

With this parameter you can specify a list of allowed Scheduler servers, following the format allowedSchedulerHostnames=["host_1","host_2",...,"host_n"]. For example: allowedSchedulerHostnames=["localhost","scheduler1.acme.com","scheduler2.acme.com"].

Connection details

Once authenticated, the information icon shows the host and port of the Scheduler server the administration tool is connected to.

Server host and port


The login name of the authenticated user is also shown in the Logout link of the User menu.

User Name


Help menu

From the Help menu you will get direct access to reference materials about the Scheduler: online documentation, tutorials, training courses, videos, and more.

To find out the subscription package you have, you can open the About dialog of the Scheduler.

Help menu


Scheduler Server Local Authentication

In every Scheduler server, there is a local user out of the box (with password initially set to “admin”) with administration rights for the server. To connect to a server with that user, open the URL https://denodo-server.acme.com:9443/webadmin/denodo-scheduler-admin/?auth=login/#/local-login (if you use HTTP instead of HTTPS, the port is 9090), and then enter the URI of the Scheduler server and the password of its local administration user.

Note

This feature is disabled when accessing Scheduler from Agora.

Note

Any Virtual DataPort user with administration permissions over the Scheduler server has the same privileges as the local administration user, but VDP-based authentication and role retrieval only work when the Scheduler can connect to the configured Virtual DataPort server. For example, you cannot authenticate if the Virtual DataPort server is down, or if it changes its execution port. In those cases, only local-based authentication can take place.

Web Administration Tool Local Authentication

In every Scheduler Web Administration Tool, there is a local user out of the box (with password initially set to “admin”) with permissions to configure the tool (see section Web Configuration). To configure the Web Administration Tool, open the URL https://denodo-server.acme.com:9443/webadmin/denodo-scheduler-admin/#/web-local-login (if you use HTTP instead of HTTPS, the port is 9090), and then enter the password of the local web administration user.

To disable these local user accounts, follow these steps:

  1. Open the file <DENODO_HOME>/conf/scheduler-webadmintool/ConfigurationParameters.properties.

  2. Set this property as follows:

weblogin.enabled=false
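
An added example (not part of the Denodo documentation or product code): a Python audit of ConfigurationParameters.properties for the two settings described on this page, the allowedSchedulerHostnames allow list and weblogin.enabled. The sample file content, port 8000, the function names and the exact, case-insensitive hostname comparison are assumptions made for illustration.

```python
import json

# Constructed sample of ConfigurationParameters.properties (not from a real install).
SAMPLE = """\
allowedSchedulerHostnames=["localhost","scheduler1.acme.com","scheduler2.acme.com"]
weblogin.enabled=true
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def allowed_hosts(props):
    """Return the allow list as a lowercase set, or None when the parameter is unset."""
    raw = props.get("allowedSchedulerHostnames")
    return None if raw is None else {h.lower() for h in json.loads(raw)}

def host_of(uri):
    """Extract <host> from a Scheduler URI of the form //<host>:<port>/."""
    authority = uri[2:].split("/", 1)[0] if uri.startswith("//") else ""
    host, sep, port = authority.rpartition(":")
    if not (sep and host and port.isdigit()):
        raise ValueError("expected //<host>:<port>/, got %r" % uri)
    return host.lower()

def check_uri(text, uri):
    """Classify a URI as 'allowed', 'blocked', or 'unrestricted' (no list configured)."""
    hosts = allowed_hosts(parse_properties(text))
    if hosts is None:
        return "unrestricted"
    # Assumption: exact, case-insensitive hostname comparison.
    return "allowed" if host_of(uri) in hosts else "blocked"

def audit(text):
    """Return findings for the two settings this page describes."""
    props = parse_properties(text)
    findings = []
    if allowed_hosts(props) is None:
        findings.append("allowedSchedulerHostnames is not set")
    if props.get("weblogin.enabled", "").lower() != "false":
        findings.append("weblogin.enabled is not false")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE), check_uri(SAMPLE, "//scheduler1.acme.com:8000/"))
```

Run it against the real file by passing its contents to audit(); an empty list means the allow list is set and the local accounts are disabled.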