Addressing JAAS Conflicts for Kerberos
A JAAS conflict with another component can prevent Integration Server JDBC pools from using Kerberos to successfully connect to the database. This occurs after a JDBC connection establishes a Kerberos connection using the Oracle ojdbc8 driver. Integration Server JDBC pools are not able to use Kerberos to connect to the database. All connection attempts fail with the message:
No LoginModules configured for loginConfigName from database URL.
The connection attempts fail because there is a JAAS conflict in which the Integration Server JAAS configuration has been wiped out by another component.
To address this issue, you can configure Integration Server to programmatically run JAAS to obtain Subject and then use that Subject to establish a connection to the database. To use this functionality, the following must be true:
The server configuration parameter watt.server.jdbc.datadirect.useJaasSubjectForKerberos must bet set to true.The parameter specifies that
Integration Server uses the Subject in a JAAS configuration when using Kerberos with JDBC pool connections. You do not need to restart
Integration Server for changes to this parameter to take effect.
The
Database URL for the JDBC Connection Pool alias must contain
AuthenticationMethod=Kerberos.