Jump to: navigation, search

Windows Authentication with MS SQL Server for Framework Applications

Windows Authentication provides a more secure way for an Application to access an MS SQL database without storing the database password in the Genesys configuration.

Full details about how to enable Windows Authentication with MS SQL Server are described in the "Microsoft SQL Server Databases" section of the Framework Database Connectivity Guide.

This topic describes how to enable and configure Framework Applications to use Windows Authentication with MS SQL Server.

Prerequisites

Before you can configure individual applications to use Windows Authentication, you must first create Windows processes on the MS SQL Server for each component that will be accessing the database. Specifically, you need to create a Windows process for the following components in the scenarios that applies to your configuration:

  • Configuration Server with a direct connection to the Configuration Database—None
  • Configuration Server with an indirect connection to the Configuration Database—DB Server 8.1.3
  • Message Server with a direct connection to the Log Database—Message Server
  • Message Server with an indirect connection to the Log Database—DB Server 8.1.3

Follow the instructions here to configure the Windows processes required.

Important
If you are using DB Server 8.1.3, it must be using DB Client 8.1.3 or higher.

Configuring Applications to use Windows Authentication when Accessing MS SQL Server

How you configure a Framework Application to use Windows Authentication depends on how it accesses its database, that is, whether it uses DB Server or not. These scenarios are described below.

Important
For a full description of Windows Authentication, see the "Windows Authentication with MS SQL Server" section of the Microsoft SQL Server Databases topic in the "Framework Database Connectivity Guide. These scenarios assume that you are using Windows Authentication with Domain Source Name (DSN), not with a Trusted User. See "Configuring Applications to use Windows Authentication when Accessing MS SQL Server" on the same topic above for details about these two kinds of Windows Authentication.

Configuration Server

Using DB Server

If Configuration Server is using DB Server, you must:

  1. Set up a Windows process on MS SQL Server for DB Server, as described here.
  2. In Configuration Server, configure the options that describe the Configuration Database and set dbthread=false in the configuration file confserv.cfg, as shown in the example below.

Using a DSN named "sqldsn", the entries would look something like this:

...
[confserv]
...
dbthread=false
...
 
[dbserver]
host=<name of host on which DB Server is running>
port =<host port through which to communicate with DB Server>
dbengine=mssql 
dbserver=dsn
dbname=sqldsn
username=<this field can be filled with a dummy username> 
password=<this field can be left empty or filled with a dummy password>
...

Not Using DB Server

If Configuration Server is not using DB Server, you must set dbthread=true and the options that describe the Configuration Database in the configuration file confserv.cfg, as shown in the example below.

Using a DSN named "sqldsn", the entries would look something like this:

...
[confserv]
...
dbthread=true
...
 
[dbserver]
host=<name of host on which DBMS is running>
port =<host port through which to communicate with the DBMS>
dbengine=mssql 
dbserver=dsn
dbname=sqldsn
username=<this field can be filled with a dummy username>  
password=<this field can be left empty or filled with a dummy password>
...

Message Server

If Message Server is using DB Server, you must set dbthread=false in the [messages] section of the Message Server Application object. Configure a DAP in which DB Server is set. DB Server must be using DB Client 8.5.1 or higher. You must also configure a Windows process for DB Server, as described here.

If Message Server is accessing the Log Database directly (without DB Server), you must still configure a DAP but it will not point to DB Server. Set dbthread=true in the [messages] section of the Message Server Application object. You must also set up a Windows process for Message Server, as described here.

In both cases, set the Username field to a dummy username.

Retrieved from "https://docs.genesys.com/Documentation:FR:Dep:WinAuth:8.5.1 (2019-05-23 20:45:51)"
This page was last modified on July 11, 2017, at 08:02.

Feedback

Comment on this article:

blog comments powered by Disqus