Zoomdata Version

Configuring Zoomdata to Support Client Certificate Authentication

Zoomdata v2.2 and newer versions support X.509 client certificate authentication. However, note that auto-provisioning of user accounts is not available for client certificate authentication.

To use the X.509 authorization you need to:

  • Enable the X.509 option in the Security Services section
  • Configure the required properties in the zoomdata.properties file

Caveat

Zoomdata does not support auto-provisioning of user accounts for client certificate authentication.

Configuration Steps

For guidance on accessing and editing a Zoomdata property file, refer to the article Managing Configurations in Zoomdata .

Add the following settings to your zoomdata.properties file:

server.port= 8443
server.ssl.enabled= true
server.ssl.client-auth= want
server.ssl.key-store= .../server.jks
server.ssl.key-store-password= Your_password
server.ssl.key-store-type= use_either_jks_or_pkcs12
server.ssl.trust-store= .../truststore.jks
server.ssl.trust-store-password=
Your_password
server.ssl.trust-store-type= use_either_jks_or_pkcs12

For each user, create an user account in Zoomdata with the username set to the 'CN' in the user's certificate.

Troubleshooting

Challenges you may run into:

  • User is never prompted to select a certificate:
    • Make sure you have added at least one CA to the trust-store file.
    • Verify server.ssl.client-auth is set to want.
  • Clicking login brings me back to the login page:
    • Make sure the username matches the CN of the certificate being used.
    • Make sure the client certificate is signed by a CA in the trust-store.
For further troubleshooting assistance, please follow-up with Zoomdata Technical Support .