Dynamic Key Rotation and Third-Party Logon | SQL Engine 17.10 | Teradata Vantage - 17.10 - JSON Web Token Enhancements - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Release Summary

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Release Notes
Publication ID: B035-1098-171K
Language: English (United States)

The JSON Web Token (JWT) mechanism is enhanced in Release 17.10:

  • The JWT mechanism now dynamically updates JSON Web Keys (JWKs). When logging on to Teradata Vantage using JWT, an Identity Provider (IdP) signs the token using its private key and the Teradata server verifies the token's signature using the corresponding public key. If the IdP rotates the private keys, the Teradata Gateway now automatically updates the public keys.
  • The JWT mechanism now accepts JWT logons from third-party applications. For example, a user logs into a web app from a browser. The web app federates the logon to the customer's IdP. If the user then connects to Teradata Vantage, the web app provides the JWT to the database to successfully complete the logon.
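The key-rotation behaviour in the first item can be pictured with a small verifier-side cache. This is an added sketch, not Teradata's implementation: the names `JwkCache` and `fetch_jwks`, the 60-second throttle, and selecting keys by the JWT `kid` header are assumptions, and signature verification itself is left out.

```python
import time


class JwkCache:
    """Verification keys cached by key ID (kid), refetched when an unknown kid appears."""

    def __init__(self, fetch_jwks, min_refresh_seconds=60, clock=time.monotonic):
        self._fetch = fetch_jwks            # assumed callable returning {"keys": [...]}
        self._min_refresh = min_refresh_seconds
        self._clock = clock
        self._keys = {}
        self._last_refresh = None
        self.fetch_count = 0

    def key_for(self, kid):
        """Return the JWK for kid, or None if the IdP does not publish it."""
        if kid not in self._keys and self._may_refresh():
            jwks = self._fetch()
            self.fetch_count += 1
            self._last_refresh = self._clock()
            # Replace the whole set so keys the IdP has retired stop being trusted.
            self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        return self._keys.get(kid)

    def _may_refresh(self):
        # Throttle refetches: a flood of tokens with made-up kids must not
        # turn every failed logon into a request to the IdP.
        if self._last_refresh is None:
            return True
        return self._clock() - self._last_refresh >= self._min_refresh


def demo():
    """Constructed rotation scenario: the IdP replaces key k1 with k2."""
    published = {"keys": [{"kid": "k1", "kty": "RSA"}]}   # constructed sample JWKS
    now = [0.0]                                            # fake clock for the demo
    cache = JwkCache(lambda: published, clock=lambda: now[0])
    before = cache.key_for("k1") is not None               # first use fetches the set
    published["keys"] = [{"kid": "k2", "kty": "RSA"}]      # IdP rotates its key
    now[0] = 100.0
    after = cache.key_for("k2") is not None                # unknown kid triggers refetch
    retired = cache.key_for("k1") is None                  # old key no longer accepted
    return before, after, retired, cache.fetch_count


if __name__ == "__main__":
    print(demo())
```

The throttle has a cost worth noting: a token signed with a newly rotated key is rejected until the refresh interval has elapsed since the last fetch.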

Benefits

  • Automatic JWK update during logon.
  • Allows logons from third-party applications.
  • JWKs are cached for improved performance.

Considerations

  • JWT key rotation and third-party logons are disabled by default. To enable these features, update the configuration file and execute the run_tdgssconfig command. No database reset is needed.

Additional Information

For more information about security, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.