USER MANUALS

Using Custom Authenticators

JDBC Driver properties

To configure a JDBC connection to Denodo, you must set specific parameters in the driver properties for each authentication protocol.

Basic Authentication

For basic authentication, the client must select database native or basic as the authentication mechanism. In this case, enter the appropriate values in the login and password fields.

Token-Based Authentication

For other authentication methods, the login and password fields must be left blank. Instead, you must set the property of the specific authentication method to true and provide the user’s token in the corresponding driver property.

With these methods, no login information is sent, as the custom authenticator on the server-side will extract the necessary user information directly from the provided token.

The following list details the driver properties to configure for each token-based authentication method:

For each JDBC connection, the parameters to be configured in the driver properties are:

  • Saml: useSaml = true, SAMLResponse = token

  • OAuth: useOAuth2 = true, accessToken = token

  • Denodo Security Token: useDndToken = true, dndToken = token

  • Kerberos: useKerberos = true, accessToken = token

This enables Virtual DataPort to determine which authentication method must use to authenticate the client that is making the connection.

The RESTful web service authentication methods configuration is described in Configuring the RESTful Web Service.

Additional Authentication Information with Custom Parameters

In some situations, during the authenticator process we may need to process additional information that isn’t included in a standard authentication request. This is useful for various purposes, such as optimizing the authentication flow or enabling detailed auditing.

JDBC

To transmit this additional information via JDBC from the client to the customAuthenticator Virtual DataPort is using, simply fill customParameters driver connection property with desired value. The value of this customParameters entry must be a valid JSON string.

Once the authentication system processes the request, this value will be transmitted to the customAuthenticator along with all other properties.

The client must add a JSON-formatted value to the customParameters driver property. For example, a correct value can be:

{"array":[1,2],"bool":true,"string":"hi","number":123,"object":{"a":"b","c":"d"}}

RESTful

The customParameters JSON also could be defined through HTTP headers in denodo-restfulws. To achieve this, set the headers to be included in the property com.denodo.restfulws.customAuthHeaders and restart Virtual DataPort Server. For instance:

SET 'com.denodo.restfulws.customAuthHeaders'='["header1", "header2", "header3"]'

If these headers have the values header1=a, header2=b,c and header3=d the generated JSON included in the customParameters property will be as follows:

{"header3":["d"],"header2":["b","c"],"header1":"a"}
Add feedback