Configuration for Browser Authentication - Analytics Database - Teradata Vantage

Security Administration

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2024-04-05

To set up browser authentication, you must configure TDGSS so that the Gateway provides metadata to the client. Specifically, the client needs the IdpUrl and ClientId values from the <GlobalValues> section of TdgssUserConfigFile.xml.

To configure TDGSS to provide the values:

  1. Make a backup copy of /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml and save it according to your site's standard backup procedures.
  2. Edit TdgssUserConfigFile.xml. Uncomment the <GlobalValues> section and add values for the IdpUrl and ClientId properties:
    <TdgssConfigFile>
        <Header
            Version="1"
            ConfigFileType="User">
        </Header>
        <!--
            To enable, uncomment the GlobalValues section and fill in the
            IdpUrl and ClientId attributes. When backing down to an earlier
            version (e.g. 17.0), comment this entire section out.
        <GlobalValues>
            <IdpConfig
                IdpUrl=""
                ClientId=""
                Scope="openid"
            />
        </GlobalValues>
        -->
    

    Where the <GlobalValues> section properties are:

    Property    Description

    IdpUrl      The metadata URL for the configured Identity Provider. It is the URL that the client uses to contact the Identity Provider.
                Example: IdpUrl="https://sso-idp.mycloud.example.io/.well-known/openid-configuration"

    ClientId    The identifier of the client registered in the Identity Provider. The authorization server issues the registered client a client identifier. A unique string representing the registration information is provided by the client.
                Example: ClientId="sso-dev"

    Scope       [Optional] Scope of the access token issued. It takes a list of strings separated by a single white-space.
                Example: Scope="email profile openid"
                If Scope is configured, then openid is a required value.
  3. If run_tdgssconfig indicates that a TPA reset is required, run:
    tpareset -f "use updated TDGSSCONFIG GDO"