Configuration for Browser Authentication - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™

To set up browser authentication, configure TDGSS so that the Gateway provides metadata to the client. Specifically, the client needs the IdpUrl and ClientId values from the <GlobalValues> section of TdgssUserConfigFile.xml.

To configure TDGSS to provide the values:

  1. Make a backup copy of /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml and save it according to your site's standard backup procedures.
  2. Edit TdgssUserConfigFile.xml. Uncomment the <GlobalValues> section and add values for the IdpUrl and ClientId properties:
    <TdgssConfigFile>
        <Header
            Version="1"
            ConfigFileType="User">
        </Header>
        <!--
            To enable, uncomment the GlobalValues section and fill in the
            IdpUrl and ClientId attributes. When backing down to an earlier
            version (e.g. 17.0), comment this entire section out.
        <GlobalValues>
            <IdpConfig
                IdpUrl=""
                ClientId=""
            />
        </GlobalValues>
        -->
    

    Where the <GlobalValues> section properties are:

    Property    Description
    IdpUrl      Refers to the configured external identity provider.
                Example: IdpUrl="https://sso-idp-dev.iam.teradatacloud.io/.well-known/openid-configuration"
    ClientId    The ID of the Gateway that is used during the token exchange.
                Example: ClientId="sso-dev"

  3. If run_tdgssconfig indicates that a TPA reset is required, run:
    tpareset -f "use updated TDGSSCONFIG GDO"
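
A pre-check for the edit made in step 2, given here as an added example (it is not a Teradata utility and not part of the original page): it confirms that the <GlobalValues> section is really uncommented and that IdpUrl and ClientId are filled in. The function name `check_idp_config`, the sample XML strings and the https-only rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed samples based on the excerpt above; closing tag added so they parse.
COMMENTED_TEMPLATE = """<TdgssConfigFile>
    <Header Version="1" ConfigFileType="User"></Header>
    <!--
    <GlobalValues>
        <IdpConfig IdpUrl="" ClientId="" />
    </GlobalValues>
    -->
</TdgssConfigFile>"""

EDITED = """<TdgssConfigFile>
    <Header Version="1" ConfigFileType="User"></Header>
    <GlobalValues>
        <IdpConfig
            IdpUrl="https://sso-idp-dev.iam.teradatacloud.io/.well-known/openid-configuration"
            ClientId="sso-dev" />
    </GlobalValues>
</TdgssConfigFile>"""


def check_idp_config(xml_text):
    """Return a list of problems with <GlobalValues>/<IdpConfig>; empty if none."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # ElementTree discards comments, so a still-commented section is simply absent.
    idp = root.find("./GlobalValues/IdpConfig")
    if idp is None:
        return ["<GlobalValues>/<IdpConfig> not found (section still commented out?)"]
    problems = []
    if not idp.get("ClientId", "").strip():
        problems.append("ClientId is empty")
    idp_url = idp.get("IdpUrl", "").strip()
    if not idp_url:
        problems.append("IdpUrl is empty")
    else:
        url = urlparse(idp_url)
        # Assumption of this example: the identity provider is only reached over TLS.
        if url.scheme != "https" or not url.netloc:
            problems.append("IdpUrl is not an absolute https:// URL")
    return problems

if __name__ == "__main__":
    for name, text in (("template", COMMENTED_TEMPLATE), ("edited", EDITED)):
        print(f"{name}: {check_idp_config(text) or 'OK'}")
```

To check the live file, pass the contents of /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml to `check_idp_config` after editing it.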