To set up browser authentication, you must configure TDGSS so the client is provided metadata from the Gateway, specifically the client needs IdpUrl and ClientId from the <GlobalValues> section of TdgssUserConfigFile.xml.
To configure TDGSS to provide the values:
- Make a backup copy of the /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml and save it according to your site standard backup procedures.
- Edit TdgssUserConfigFile.xml. Uncomment the <GlobalValues> section and add values for the IdpUrl and ClientId properties:
<TdgssConfigFile> <Header Version="1" ConfigFileType="User"> </Header> <!-- To enable, uncomment the GlobalValues section and fill in the IdpUrl and ClientId attributes. When backing down to an earlier version (e.g. 17.0), comment this entire section out. <GlobalValues> <IdpConfig IdpUrl="" ClientId="" /> </GlobalValues> -->
Where the <GlobalValues> section properties are:
Property Description IdpUrl Refers to the configured external identity provider. Example: IdpUrl="https://sso-idp-dev.iam.teradatacloud.io/.well-known/openid-configuration"
ClientId The ID of the Gateway that is used during the token exchange. Example: ClientId="sso-dev"
- If run_tdgssconfig indicates that a TPA reset is required, run:
tpareset -f “use updated TDGSSCONFIG GDO”