17.20 - Explanation of Single Sign-on Examples - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-03-07

The following explains logon terms used in the Single Sign-on example.

Syntax Element: mech_name
Description: Required only if KRB5 is not used. Specify the SPNEGO mechanism for Kerberos authentication from a .NET client.
If no mechanism and no user credentials are specified, the system assumes a single sign-on and authenticates with Kerberos.

Syntax Element: authorization_qualifier
Description: Required if users are authorized by a directory, that is, the KRB5 mechanism has AuthorizationSupported=yes:
  • The directory user is mapped to multiple user or profile objects (for all mechanisms).

If the matching directory user is mapped to multiple database users:

If the directory user is mapped to more than one database user, specify the user with the database privileges needed for the session in the form:

user= database_username

The database username can be either a database user or EXTUSER.

If the matching directory user is mapped to multiple profiles:
  • If a directory user is mapped to multiple profiles, specify profile=profile_name to identify the session profile.
  • If the directory user is mapped to one or more database users, and also to a profile, the session defers to the separately mapped profile instead of the profile belonging to the mapped database user.

If the directory offers multiple realms:

Specify the realm as it appears in the directory, normally the fully qualified DNS name of the directory, for example:

realm=directory_FQDNSName

The system processes realm information as follows:

Syntax Element: tdpid
Description: Required. The tdpid identifies the Teradata Vantage system, or host group to which the logon, if successful, connects.

Syntax Element: , ,
Description: User credentials are not required for single sign-on.

The , , is required as a placeholder for the user credentials only if an account string is specified. Otherwise commas are not needed.

Syntax Element: "account"
Description: Optional. The account string must be enclosed in double quotation marks. For information on accounts, see Teradata Vantage™ - Database Administration, B035-1093.
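
The authorization_qualifier rules above, worked through as an added Python example (a model written for this page, not Teradata code): it reports when user= or profile= is required and shows a separately mapped profile taking precedence over the mapped user's own profile. The function name, its parameters and the sample user and profile names are constructed, and rejecting an unmapped user= or profile= value is an assumption of the model.

```python
# Added illustration (not Teradata code): a model of the authorization_qualifier
# rules in the table above. All names and sample mappings are constructed.

def resolve_session(mapped_users, mapped_profiles, user=None, profile=None):
    """Return (database_user, session_profile) for a directory-authorized logon.

    mapped_users    -- dict: database username -> that user's own profile (or None)
    mapped_profiles -- list: profiles mapped directly to the directory user
    user, profile   -- values given as user= / profile= in the qualifier
    """
    # Rule: more than one mapped database user means user= must pick one.
    if user is None:
        if len(mapped_users) > 1:
            raise ValueError("user= required: directory user maps to "
                             + ", ".join(sorted(mapped_users)))
        user = next(iter(mapped_users), None)
    elif user not in mapped_users:
        # Assumption of this model: only a mapped name may be selected.
        raise ValueError(f"user={user} is not mapped to this directory user")

    # Rule: more than one mapped profile means profile= must pick one.
    if profile is None:
        if len(mapped_profiles) > 1:
            raise ValueError("profile= required: directory user maps to "
                             + ", ".join(sorted(mapped_profiles)))
        if mapped_profiles:
            # Rule: a separately mapped profile wins over the user's own profile.
            profile = mapped_profiles[0]
        else:
            profile = mapped_users.get(user)
    elif profile not in mapped_profiles:
        raise ValueError(f"profile={profile} is not mapped to this directory user")
    return user, profile


# Constructed sample mapping for one directory user.
USERS = {"etl_load": "etl_prof", "report_ro": "ro_prof"}

if __name__ == "__main__":
    print(resolve_session(USERS, ["analyst_prof"], user="report_ro"))
    print(resolve_session(USERS, [], user="report_ro"))
    try:
        resolve_session(USERS, [])          # ambiguous: two users, no user=
    except ValueError as err:
        print("rejected:", err)
```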