17.10 - Single Sign-On Flow - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

JWT validation is done in TDGSS during connection establishment. TDGSS gets the JWT token and validates its signature.

JWT (more precisely compact JWS) consists of three parts: header, payload, and signature. The payload contains a set of claims in a JSON object. The Issuer (“iss”) claim identifies the URI of the identity provider that issued the JWT.

There are two validation cases:

  • Local Validation: TDGSS receives the JWT minted by an internal Central IdP.
  • Validation by Token Exchange: TDGSS receives the JWT minted by an external IdP.