Managed File Transfer

Hi all,

I'm trying to see if I can establish the JDBC connection for Sterling B2B Integrator using Kerberos authentication.

Our B2Bi system is running on Linux.

I am able to establish a Kerberos authenticated JDBC connection to the same database from the same server using my own java program by supplying some system properties ( java.security.auth.login.config & java.security.krb5.conf ) and adding parameters tot he standard JDBC connection string ( authenticationScheme=JavaKerberos;  & integratedSecurity=true; ).

But when I apply the same to Sterling B2B Integrator (adding the system properties via -D arguments in the run.sh script & updating the JDBC connection string in sandbox.cfg), the DB connections fail during the application startup.

I'm wondering if anyone has successfully achieved this or any other method to use trusted/integrated security (i.e. avoid username/password based DB authentication) for Sterling B2B Integrator ?

I have asked IBM about this, and as I understand, there is no support for this type of authentication, so I'm curious to see if it can be done.

Cheers,
Andrew.


------------------------------
Regards,
Andrew Plumb
------------------------------

#IBMSterlingB2BIntegratorandIBMSterlingFileGatewayDevelopers
#DataExchange

I don't think the supporting code/configuration is there.  I'm sure you are aware you can configure Single Sign On for the user interfaces, but that is far from connecting directly to a database on Sterling Integrator/File Gateway.

You can actually do this for Control Center during install but if you installed it without configurating Kerberos then you lose some monitoring functionality.  

Link for Control Center example:

IBM Sterling Control Center support to use Kerberos based authentication with Oracle database server

Good luck!


------------------------------
Laurie Sibbett
------------------------------

Original Message:
Sent: Sun July 24, 2022 02:51 AM
From: Andrew Plumb
Subject: Kerberos authentication for JDBC connection to Sterling B2B Integrator database

Hi all,

I'm trying to see if I can establish the JDBC connection for Sterling B2B Integrator using Kerberos authentication.

Our B2Bi system is running on Linux.

I am able to establish a Kerberos authenticated JDBC connection to the same database from the same server using my own java program by supplying some system properties ( java.security.auth.login.config & java.security.krb5.conf ) and adding parameters tot he standard JDBC connection string ( authenticationScheme=JavaKerberos;  & integratedSecurity=true; ).

But when I apply the same to Sterling B2B Integrator (adding the system properties via -D arguments in the run.sh script & updating the JDBC connection string in sandbox.cfg), the DB connections fail during the application startup.

I'm wondering if anyone has successfully achieved this or any other method to use trusted/integrated security (i.e. avoid username/password based DB authentication) for Sterling B2B Integrator ?

I have asked IBM about this, and as I understand, there is no support for this type of authentication, so I'm curious to see if it can be done.

Cheers,
Andrew.


------------------------------
Regards,
Andrew Plumb
------------------------------

#DataExchange
#IBMSterlingB2BIntegratorandIBMSterlingFileGatewayDevelopers

Thanks Laurie, I guess you might be right there... 

We are not looking to make use of single sign on for the Sterling B2B Integrator dashboard or control centre.

I didn't expect that the program code would require anything extra, since I can alter my test program to switch from standard username and password authentication to kerberos authentication just by supplying runtime parameters and changing the jdbc connection string and I'm able to do both those things for the Sterling B2B Integrator.

Regards



------------------------------
Regards,
Andrew Plumb
------------------------------

Original Message:
Sent: Mon July 25, 2022 07:38 AM
From: Laurie Sibbett
Subject: Kerberos authentication for JDBC connection to Sterling B2B Integrator database

I don't think the supporting code/configuration is there.  I'm sure you are aware you can configure Single Sign On for the user interfaces, but that is far from connecting directly to a database on Sterling Integrator/File Gateway.

You can actually do this for Control Center during install but if you installed it without configurating Kerberos then you lose some monitoring functionality.  

Link for Control Center example:

IBM Sterling Control Center support to use Kerberos based authentication with Oracle database server

Good luck!


------------------------------
Laurie Sibbett

Original Message:
Sent: Sun July 24, 2022 02:51 AM
From: Andrew Plumb
Subject: Kerberos authentication for JDBC connection to Sterling B2B Integrator database

Hi all,

I'm trying to see if I can establish the JDBC connection for Sterling B2B Integrator using Kerberos authentication.

Our B2Bi system is running on Linux.

I am able to establish a Kerberos authenticated JDBC connection to the same database from the same server using my own java program by supplying some system properties ( java.security.auth.login.config & java.security.krb5.conf ) and adding parameters tot he standard JDBC connection string ( authenticationScheme=JavaKerberos;  & integratedSecurity=true; ).

But when I apply the same to Sterling B2B Integrator (adding the system properties via -D arguments in the run.sh script & updating the JDBC connection string in sandbox.cfg), the DB connections fail during the application startup.

I'm wondering if anyone has successfully achieved this or any other method to use trusted/integrated security (i.e. avoid username/password based DB authentication) for Sterling B2B Integrator ?

I have asked IBM about this, and as I understand, there is no support for this type of authentication, so I'm curious to see if it can be done.

Cheers,
Andrew.


------------------------------
Regards,
Andrew Plumb
------------------------------

#IBMSterlingB2BIntegratorandIBMSterlingFileGatewayDevelopers
#DataExchange

And just in case anyone finds this thread and wants to encourage IBM to provide/support this feature, I have created this entry:
https://watsonsupplychain.ideas.ibm.com/ideas/B2BI-I-1144

------------------------------
Andrew
------------------------------

Original Message:
Sent: Mon July 25, 2022 10:49 AM
From: Andrew Plumb
Subject: Kerberos authentication for JDBC connection to Sterling B2B Integrator database

Thanks Laurie, I guess you might be right there... 

We are not looking to make use of single sign on for the Sterling B2B Integrator dashboard or control centre.

I didn't expect that the program code would require anything extra, since I can alter my test program to switch from standard username and password authentication to kerberos authentication just by supplying runtime parameters and changing the jdbc connection string and I'm able to do both those things for the Sterling B2B Integrator.

Regards



------------------------------
Regards,
Andrew Plumb

Original Message:
Sent: Mon July 25, 2022 07:38 AM
From: Laurie Sibbett
Subject: Kerberos authentication for JDBC connection to Sterling B2B Integrator database

I don't think the supporting code/configuration is there.  I'm sure you are aware you can configure Single Sign On for the user interfaces, but that is far from connecting directly to a database on Sterling Integrator/File Gateway.

You can actually do this for Control Center during install but if you installed it without configurating Kerberos then you lose some monitoring functionality.  

Link for Control Center example:

IBM Sterling Control Center support to use Kerberos based authentication with Oracle database server

Good luck!


------------------------------
Laurie Sibbett

Original Message:
Sent: Sun July 24, 2022 02:51 AM
From: Andrew Plumb
Subject: Kerberos authentication for JDBC connection to Sterling B2B Integrator database

Hi all,

I'm trying to see if I can establish the JDBC connection for Sterling B2B Integrator using Kerberos authentication.

Our B2Bi system is running on Linux.

I am able to establish a Kerberos authenticated JDBC connection to the same database from the same server using my own java program by supplying some system properties ( java.security.auth.login.config & java.security.krb5.conf ) and adding parameters tot he standard JDBC connection string ( authenticationScheme=JavaKerberos;  & integratedSecurity=true; ).

But when I apply the same to Sterling B2B Integrator (adding the system properties via -D arguments in the run.sh script & updating the JDBC connection string in sandbox.cfg), the DB connections fail during the application startup.

I'm wondering if anyone has successfully achieved this or any other method to use trusted/integrated security (i.e. avoid username/password based DB authentication) for Sterling B2B Integrator ?

I have asked IBM about this, and as I understand, there is no support for this type of authentication, so I'm curious to see if it can be done.

Cheers,
Andrew.


------------------------------
Regards,
Andrew Plumb
------------------------------

#DataExchange
#IBMSterlingB2BIntegratorandIBMSterlingFileGatewayDevelopers