Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Integrated security from IDM to MS SQL Database

Go to solution
clotilde_martinez
Participant

on ‎2023 Feb 08 1:48 PM

0 Likes
1,569

Hi IDM experts,

I have to connect IDM to a MS SQL Database, using the equivalent of "Windows authentication".

IDM is installed on a unix server. I think I got the overview of what to do, but i'm stuck. I added integratedsecurity=true to my db connexion string. I get the following error : This driver is not configured for integrated authentication.

Is is quite similar to what Matt had here : https://answers.sap.com/questions/11198836/sqljdbcauthdll-reference-in-a-dispatcher.html

First of all, I downloaded again my jdbc driver from microsoft website. I found the file to rename in the zip and put it in my java jre/bin folder. Is it the right place to put it? I guessed that since this java folder is in my dispatcher properties it should find it. I then restarted my dispatcher but no success.

So two questions : where should i put this sqljdbc_auth.dll and how should i declare it to be found?

Then, I think I'll probably be stuck again : should i also create a different dispatcher, ran by the windows user that should connect to the DB or is it another way to do it? Also, DB string connexions in IDM require a user and a passord, if i put in something wrong, will it be ignored? Or should i go through a script?

Thank you!

Clotilde

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

lambert-giese
Active Participant
‎2023 Feb 09 8:39 AM
0 Likes

Clotilde, I've never done myself what you're trying to achieve, but Alex' comment regarding the DLL is definitely correct: you can't use this on Linux. So I'm pretty sure putting the DLL into whatever directory won't solve your problem. Microsoft might not even ship any Linux version (ending in .so) of this shared library - at least I didn't found any mention of sqljdbc_auth.so anywhere.

This StackOverflow answer mentions that you need to have a different configuration on the SQL client/JDBC driver side to make integrated security work on Linux by using a different security mechanism (Java/Kerberos). You may want to try that suggestion out.

Show replies
Show replies
clotilde_martinez
Participant
‎2023 Feb 17 10:51 AM
0 Likes

Hi Lambert,

thank you for your answer. we indeed used kerberos and it seems to work, I'm currently testing it.

Thanks for the tip!

Clotilde

clotilde_martinez
Participant
‎2023 Feb 20 3:27 PM
0 Likes

Hello,

after testing, the solution is this one : in the database connexion on /idm/admin, put your databasename followed by :

DBname;integratedsecurity=true;authenticationScheme=NTLM;realm=<user domain>;encrypt=false

I still had to put a user and a password but it is not a local db user so the team is happy.

Cheers,

Clotilde

Answers (1)

Answers (1)

alexanderbrietz
Active Contributor
‎2023 Feb 08 5:34 PM
0 Likes

Hi Clotilde,

sorry but I cannot provide insights with MSSQL as DB.

But I am using a custom jar with my dispatchers and I put it in the Identity_Center/Java directory from IDM runtime. There you can find other DLLs like sapjco3.dll as well.

For my custom jar I add it to dispatcher definition "DSE Class Path" in the Dispatcher Gui menue "Settings". I would guess that the DLL will get loaded automatically once it is in the right place.

From reading your post I have one question: Is your dispatcher instance on Windows? If it is on Unix as well I would assume that a DLL is not helpful! IMHO you would need a unix library as a pendant, most commonly ending on .so.

Reading the linked post I would recommend checking the link to MS page http://msdn.microsoft.com/en-us/library/ms378428.aspx. There should be an option to enable integrated authentication like Matt did with "mxmc_db;integratedSecurity=true;" as database parameter in the dispatcher settings of IDM 7.2.

HTH

Regards,

Alex

Show replies
Show replies
Ask a Question