The JSON Web Token (JWT) mechanism is enhanced in Release 17.10:
- The JWT mechanism now dynamically updates JSON Web Keys (JWKs). When logging on to Teradata Vantage using JWT, an Identity Provider (IdP) signs the token using its private key and the Teradata server verifies the token's signature using the corresponding public key. If the IdP rotates the private keys, the Teradata Gateway now automatically updates the public keys.
- The JWT mechanism now accepts JWT logons from third-party applications. For example, a user logs into a web app from a browser. The web app federates the logon to the customer's IdP. If the user then connects to Teradata Vantage, the web app provides the JWT token to the database to successfully complete the logon.
Benefits
- Automatic JWK update during logon.
- Allows logons from third-party applications.
- JWKs are cached for improved performance.
Considerations
- JWT key rotation and third-party logons are disabled by default. To enable these features, update the configuration file and execute the run_tdgssconfig command. No database reset is needed.
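The following is an added illustration of the general pattern behind key rotation with a JWK cache; it is not Teradata's code and does not describe the Gateway's internals. It assumes the IdP publishes a JWKS document and tags each token with a `kid` header; `JwksCache`, `fetch_jwks`, `sample_token` and the 60-second refresh interval are hypothetical names and values.

```python
import base64
import json
import time


def sample_token(kid):
    """Constructed, unsigned sample token; only its header is meaningful here."""
    header = json.dumps({"alg": "RS256", "kid": kid}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30.sig"


def jwt_kid(token):
    """Read the key id from a compact JWT header (nothing is trusted yet)."""
    header_b64 = token.split(".")[0]
    padded = header_b64 + "=" * (-len(header_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(padded)).get("kid")


class JwksCache:
    """Caches IdP public keys by kid and refetches on an unknown kid."""

    def __init__(self, fetch_jwks, min_refresh_seconds=60, clock=time.monotonic):
        self._fetch = fetch_jwks  # hypothetical callable returning a JWKS dict
        self._min_refresh = min_refresh_seconds
        self._clock = clock
        self._keys = {}
        self._last_refresh = None

    def _refresh(self):
        jwks = self._fetch()
        # Replace the whole set so keys the IdP has retired stop being accepted.
        self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self._last_refresh = self._clock()

    def key_for(self, token):
        kid = jwt_kid(token)
        if kid is None:
            raise KeyError("token header has no kid")
        if kid not in self._keys:
            last = self._last_refresh
            # Throttle: tokens with made-up kids must not force a fetch per logon.
            if last is None or self._clock() - last >= self._min_refresh:
                self._refresh()
        if kid not in self._keys:
            raise KeyError(f"no trusted key for kid {kid!r}")
        return self._keys[kid]  # the caller verifies the signature with this key
```

The refresh interval is a trade-off: a longer interval limits fetches triggered by tokens with unknown key ids, but a token signed with a freshly rotated key can be rejected until the interval has elapsed.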
Additional Information
For more information about security, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.