17.10 - Configuration for Browser Authentication - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

To set up browser authentication, you must configure TDGSS so that the Gateway provides metadata to the client. Specifically, the client needs the IdpUrl and ClientId values from the <GlobalValues> section of TdgssUserConfigFile.xml.

To configure TDGSS to provide the values:

  1. Make a backup copy of /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml and save it according to your site's standard backup procedures.
  2. Edit TdgssUserConfigFile.xml. Uncomment the <GlobalValues> section and add values for the IdpUrl and ClientId properties:
    <TdgssConfigFile>
        <Header
            Version="1"
            ConfigFileType="User">
        </Header>
        <!--
            To enable, uncomment the GlobalValues section and fill in the
            IdpUrl and ClientId attributes. When backing down to an earlier
            version (e.g. 17.0), comment this entire section out.
        <GlobalValues>
            <IdpConfig
                IdpUrl=""
                ClientId=""
            />
        </GlobalValues>
        -->
    

    Where the <GlobalValues> section properties are:

    Property    Description
    IdpUrl      Refers to the configured external identity provider.
                Example: IdpUrl="https://sso-idp-dev.iam.teradatacloud.io/.well-known/openid-configuration"
    ClientId    The ID of the Gateway that is used during the token exchange.
                Example: ClientId="sso-dev"

  3. If run_tdgssconfig indicates that a TPA reset is required, run:
    tpareset -f "use updated TDGSSCONFIG GDO"
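
A pre-flight check for the edit made in step 2, added here as an example (it is not Teradata code): it confirms that the <GlobalValues> section is no longer commented out and that IdpUrl and ClientId are filled in. The function name, the sample XML, the idp.example.com host and the requirement that IdpUrl use https are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Path from step 1 of the procedure.
DEFAULT_PATH = "/opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml"

# Constructed sample inputs modelled on the snippet in step 2 (placeholder host).
SAMPLE_COMMENTED = """<TdgssConfigFile>
<Header Version="1" ConfigFileType="User"></Header>
<!-- <GlobalValues><IdpConfig IdpUrl="" ClientId=""/></GlobalValues> -->
</TdgssConfigFile>"""
SAMPLE_ENABLED = """<TdgssConfigFile>
<Header Version="1" ConfigFileType="User"></Header>
<GlobalValues><IdpConfig ClientId="sso-dev"
  IdpUrl="https://idp.example.com/.well-known/openid-configuration"/></GlobalValues>
</TdgssConfigFile>"""


def check_idp_config(xml_text):
    """Return a list of problems; an empty list means the section looks usable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"file is not well-formed XML: {exc}"]
    # ElementTree drops comments, so a still-commented section is simply absent.
    idp = root.find("./GlobalValues/IdpConfig")
    if idp is None:
        return ["GlobalValues/IdpConfig not found (section still commented out?)"]
    problems = []
    idp_url = (idp.get("IdpUrl") or "").strip()
    if not idp_url:
        problems.append("IdpUrl is empty")
    else:
        parsed = urlparse(idp_url)
        # Assumption of this example: IdP metadata must be fetched over TLS.
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"IdpUrl is not an absolute https URL: {idp_url!r}")
    if not (idp.get("ClientId") or "").strip():
        problems.append("ClientId is empty")
    return problems


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    with open(path, encoding="utf-8") as fh:
        issues = check_idp_config(fh.read())
    for issue in issues:
        print("PROBLEM:", issue)
    sys.exit(1 if issues else 0)
```

Run it against the edited file before applying the configuration; it exits non-zero and prints each problem it finds.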