To set up browser authentication, you must configure TDGSS so that the client receives metadata from the Gateway. Specifically, the client needs the IdpUrl and ClientId values from the <GlobalValues> section of TdgssUserConfigFile.xml.
To configure TDGSS to provide the values:
- Make a backup copy of /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml and save it according to your site standard backup procedures.
- Edit TdgssUserConfigFile.xml. Uncomment the <GlobalValues> section and add values for the IdpUrl and ClientId properties:
    <TdgssConfigFile>
        <Header Version="1" ConfigFileType="User">
        </Header>
        <!-- To enable, uncomment the GlobalValues section and fill in the
             IdpUrl and ClientId attributes. When backing down to an earlier
             version (e.g. 17.0), comment this entire section out.
        <GlobalValues>
            <IdpConfig IdpUrl="" ClientId="" Scope="openid" />
        </GlobalValues>
        -->
Where the <GlobalValues> section properties are:
| Property | Description |
|---|---|
| IdpUrl | The metadata URL for the configured Identity Provider. It is the URL that the client uses to contact the Identity Provider. Example: IdpUrl="https://sso-idp.mycloud.example.io/.well-known/openid-configuration" |
| ClientId | The identifier of the client registered in the Identity Provider. The authorization server issues the registered client a client identifier. A unique string representing the registration information is provided by the client. Example: ClientId="sso-dev" |
| Scope | [Optional] Scope of the access token issued. It takes a list of strings separated by a single whitespace. Example: Scope="email profile openid". If Scope is configured, then openid is a required value. |

- If run_tdgssconfig indicates that a TPA reset is required, run:
    tpareset -f "use updated TDGSSCONFIG GDO"
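
A pre-flight check of the edited file against the property rules in the table above. This is an added example, not part of the Teradata documentation or tooling: the function name check_idp_config is hypothetical, the sample documents are constructed, the element layout is assumed to match the excerpt on this page, and the https requirement for IdpUrl is this example's own assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

def check_idp_config(xml_text):
    """Return a list of problems found in <GlobalValues>/<IdpConfig> (hypothetical helper)."""
    root = ET.fromstring(xml_text)  # the default parser discards XML comments
    idp = root.find("./GlobalValues/IdpConfig")
    if idp is None:
        return ["GlobalValues/IdpConfig not found (section missing or still commented out)"]
    problems = []
    idp_url = idp.get("IdpUrl", "")
    parsed = urlparse(idp_url)
    if not idp_url:
        problems.append("IdpUrl is empty")
    elif parsed.scheme != "https" or not parsed.netloc:
        # Assumption of this example: the metadata URL must be fetched over TLS.
        problems.append("IdpUrl is not an absolute https URL")
    if not idp.get("ClientId", "").strip():
        problems.append("ClientId is empty")
    scope = idp.get("Scope")
    if scope is not None:  # Scope is optional; the rules apply only when it is set
        scopes = scope.split(" ")
        if "" in scopes:
            problems.append("Scope values must be separated by a single space")
        if "openid" not in scopes:
            problems.append("Scope is configured but does not include openid")
    return problems

def _sample(body):
    # Constructed test input shaped like the excerpt on this page.
    return ('<TdgssConfigFile><Header Version="1" ConfigFileType="User"></Header>'
            + body + '</TdgssConfigFile>')

AS_SHIPPED = _sample('<!-- <GlobalValues><IdpConfig IdpUrl="" ClientId="" '
                     'Scope="openid" /></GlobalValues> -->')
CONFIGURED = _sample('<GlobalValues><IdpConfig '
                     'IdpUrl="https://sso-idp.mycloud.example.io/.well-known/openid-configuration" '
                     'ClientId="sso-dev" Scope="email profile openid" /></GlobalValues>')
BROKEN = _sample('<GlobalValues><IdpConfig IdpUrl="http://sso-idp.mycloud.example.io/x" '
                 'ClientId="" Scope="email  profile" /></GlobalValues>')

if __name__ == "__main__":
    for name, text in [("as shipped", AS_SHIPPED), ("configured", CONFIGURED),
                       ("broken", BROKEN)]:
        print(name, "->", check_idp_config(text) or "OK")
```

To check the real file, pass the contents of /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml to check_idp_config before running run_tdgssconfig.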