Using Kerberos authentication with delegated credentials
Users can authenticate to different data sources using single sign-on login information. The server can delegate the user authentication to the data source, either through Information Services, or through a connector. This is possible only if you use the Kerberos single sign-on method.
If you are using a JDBC driver that supports passing the delegated user's Generic Security Standard (GSS) credentials through a connection property, then you can use constrained delegation with Information Services.
To enable constrained delegation for these drivers, add the following connection property to the corresponding Data Source Template.
<connection-property>
  <key>spotfire.kerberos.gsscredential.property</key>
  <value>connectionPropertyName</value>
</connection-property>

where connectionPropertyName is driver-specific. (Refer to your driver's documentation for more information.)
Prerequisites
For delegation to work, no client user account in the domain can have the setting "Account is sensitive and cannot be delegated" enabled. By default, this setting is not enabled.
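One way to check this prerequisite offline, as an added example that is not part of the product documentation: in Active Directory the checkbox corresponds to the NOT_DELEGATED bit (0x100000) of userAccountControl, so an LDIF export of the user objects can be scanned for it. The export format (one record per user, with sAMAccountName and userAccountControl), the function names and all sample accounts are assumptions constructed for illustration.

```python
import re

# userAccountControl bits (Active Directory). NOT_DELEGATED is the flag behind
# the "Account is sensitive and cannot be delegated" checkbox.
UF_ACCOUNTDISABLE = 0x00000002
UF_NOT_DELEGATED = 0x00100000

# Constructed sample LDIF export; every name and value here is made up.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Analysts,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=Bob Example,OU=Analysts,DC=example,DC=test
sAMAccountName: bob
userAccountControl: 1049088

dn: CN=Carol Example,OU=Disabled,DC=example,DC=test
sAMAccountName: carol
userAccountControl: 1049090
"""

def parse_ldif(text):
    """Yield one dict per LDIF record (single-valued, unfolded attributes only)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        record = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            record[key.lower()] = value.strip()
        yield record

def accounts_blocking_delegation(text, include_disabled=False):
    """Return sAMAccountNames whose NOT_DELEGATED bit is set."""
    blocked = []
    for rec in parse_ldif(text):
        try:
            uac = int(rec["useraccountcontrol"])
        except (KeyError, ValueError):
            continue  # not a user record, or a malformed value
        if not uac & UF_NOT_DELEGATED or (uac & UF_ACCOUNTDISABLE and not include_disabled):
            continue
        blocked.append(rec.get("samaccountname", rec.get("dn", "?")))
    return blocked

if __name__ == "__main__":
    for name in accounts_blocking_delegation(SAMPLE_LDIF):
        print(f"delegation will fail for: {name}")
```

Accounts reported here are often flagged deliberately, so review each one with its owner before clearing the setting.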