Before you begin
Ensure that the database server is set up for SSO authentication.
For information, see the Single Sign-on Access Control
section in the Informix® Security Guide.
About this task
You can use single sign-on (SSO) access control with JDBC
by using the DriverManager.getConnection() method
and setting the Communication Support Module (CSM) in the connection
URL to the service principal. Using SSO access control replaces the
user ID and password option.
Note: Support for Communication Support Module (CSM) is removed starting Informix Server 14.10.xC9 .
You should use Transport Layer Security (TLS)/Secure Sockets Layer (SSL) instead.
Procedure
- Modify the connection URL so that it includes the service
principal.
The service principal consists of the database
server name and the SSO realm.
CSM=(SSO=database_server@realm,ENC=true)
The ENC=true
setting
means that Generic Security Services (GSS) encryption is enabled.
The ENC=true
setting is optional because by default,
its value is true
. If you do not want to enable GSS
encryption, set the value to false: ENC= false
.
For
complete syntax of the connection URL, see Format of database URLs.
- Create a login configuration file with the following code:
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
doNotPrompt=true;
}
- Run the application with the java.security.auth.login.config property
set to the login configuration files full path name, followed by the TestSso class.
The following is an example where
IfmxLog.conf is the login
configuration
file:
java -Djava.security.auth.login.config=mydirectory/IfmxLog.conf TestSso