SSO Security Hardening - Analytics Database - Teradata Vantage - 17.20

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-03-07

A JWT received from a client is validated using the JWK (JSON Web Key), which is retrieved from the JWK URI through REST API calls. For performance reasons the JWK is cached, so that future validations are fast and need no further REST API calls. The following mechanism properties are added to the JWT mechanism for security hardening.

JWTRestAPIMaxTimeAllowed

The JWTRestAPIMaxTimeAllowed property specifies the maximum timeout (in seconds) for a REST API call.

The default setting is 20 seconds.

JWTRestAPITimeLimit

The JWTRestAPITimeLimit property specifies the time (in seconds) between REST API calls. Spacing the calls matters because too many REST API calls cause a denial of service.

The default setting is 10 seconds.

JWTKeyCacheRefreshTime

The JWTKeyCacheRefreshTime property specifies the interval (in minutes) at which the key cache is purged, so that the cache is refreshed with new keys.

The default setting is 1440 minutes (24 hours).

JWTClientTlsCACertDir

The JWTClientTlsCACertDir property specifies the location of the CA certificates. It specifies the full path to the site/ssl/cacerts directory.

There is no default, but the directory is typically /opt/teradata/tdat/tdgss/site/ssl/cacerts/.

JWTClientUseTls

The JWTClientUseTls property enforces TLS 1.2 or higher for REST API calls. This ensures that the REST API always uses HTTPS and that peer and host verification is performed.

The default setting is "Yes". The value "No" should not be used in production.

JWTSkewTime

The JWTSkewTime property specifies the maximum skew time (in seconds) allowed during JWT validation.

The default setting is 300 seconds (5 minutes).
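
The following Python model shows how the caching and timing properties above interact; it is an added example, not Teradata's implementation. The names `JwkCache`, `fetch_jwks` and `within_skew` are hypothetical, and it assumes that JWTRestAPITimeLimit acts as a minimum spacing between JWK fetches and that JWTSkewTime is applied to the `exp` and `nbf` claims.

```python
import time

class JwkCache:
    """Model of a JWK cache driven by the properties on this page (illustrative)."""
    def __init__(self, fetch_jwks, time_limit=10, refresh_minutes=1440,
                 max_time_allowed=20, clock=time.monotonic):
        self.fetch_jwks = fetch_jwks          # hypothetical callable(timeout=) -> {kid: key}
        self.time_limit = time_limit          # JWTRestAPITimeLimit (seconds)
        self.refresh = refresh_minutes * 60   # JWTKeyCacheRefreshTime (minutes)
        self.timeout = max_time_allowed       # JWTRestAPIMaxTimeAllowed (seconds)
        self.clock = clock
        self.keys = {}
        self.loaded_at = None                 # time of last successful fetch
        self.last_call = None                 # time of last fetch attempt

    def get(self, kid):
        now = self.clock()
        if self.loaded_at is not None and now - self.loaded_at >= self.refresh:
            self.keys = {}                    # purge so rotated keys are picked up
        if kid in self.keys:
            return self.keys[kid]             # cache hit: no REST call
        # Cache miss: throttle so repeated misses cannot become a flood of REST calls.
        if self.last_call is not None and now - self.last_call < self.time_limit:
            return None                       # caller must reject the token
        self.last_call = now                  # recorded even if the fetch fails
        self.keys = dict(self.fetch_jwks(timeout=self.timeout))
        self.loaded_at = now
        return self.keys.get(kid)

def within_skew(claims, now, skew=300):
    """Check exp/nbf with a JWTSkewTime tolerance (seconds)."""
    if "exp" in claims and now > claims["exp"] + skew:
        return False                          # expired beyond the allowed skew
    if "nbf" in claims and now < claims["nbf"] - skew:
        return False                          # not yet valid, even with skew
    return True

if __name__ == "__main__":
    # Constructed sample key set; a real fetcher would call the JWK URI over TLS.
    cache = JwkCache(lambda timeout: {"kid-2022": "<public key>"})
    print(cache.get("kid-2022"))              # first call fetches and caches
    print(cache.get("unknown-kid"))           # miss within 10 s: throttled
    print(within_skew({"exp": 1000}, now=1200))
```

A key ID that is not in the cache and arrives inside the throttle window returns `None`, so the token is rejected without another REST call.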