Security for Pentaho

Overview

This page serves as a library for Pentaho’s security-based documents. You will find best practices for general and advanced security purposes that will help you with configuration, securing passwords, authentication, optimizing connections, and other security-based functions.

Contents

  • General Security
    • Configuring Pentaho with LDAP or Active Directory - updated!
    • Configuring Pentaho with Integrated Windows Authentication (IWA)
    • Configuring Pentaho to Use Database-Based Security
    • How to Secure LDAP Passwords for Pentaho Suite
    • Migrate Users/Roles from Pentaho Security to JDBC
    • Pentaho and Tomcat Security
    • Securing Connection Passwords for Pentaho Suite
  • Advanced Security
    • Pentaho Server SAML Authentication with Hybrid Authorization
    • Connecting the PDI Client to a Secure Hadoop Cluster
    • PDI with Oracle Wallet Security
    • Pentaho, Linux, and MSAD Authentication with Kerberos
    • Pentaho Server: Optimizing Connection Pools
    • Pentaho Tools and Integrated Authentication Methods

The Components Reference in Pentaho Documentation has a complete list of supported software and hardware.

General Security

Configuring Pentaho with LDAP or Active Directory
For version 7.x, 8.x, 9.x / published February 2020

Pentaho can be configured to use many mechanisms for authentication and authorization, such as the lightweight directory access protocol (LDAP) or database-based authentication (JDBC authentication).

This document aims to work through the steps needed to set up Pentaho to authenticate using Microsoft (MS) Active Directory.

Audience: Security and server administrators, or anyone with a background in authentication and authorization with MS Active Directory.

Configuring Pentaho with Integrated Windows Authentication (IWA)
For version 8.x / published June 2019

Pentaho can be configured to use many mechanisms for authentication and authorization, such as the lightweight directory access protocol (LDAP) or database-based authentication (JDBC authentication) from Microsoft Active Directory.
This document aims to work through the steps needed to set up Pentaho to authenticate using Integrated Windows Authentication (IWA) with a pre-configured Microsoft (MS) Active Directory.

Audience: Security and server administrators, or anyone with a background in authentication and authorization with MS Active Directory.

Configuring Pentaho to Use Database-Based Security
For version 7.1, 8.x / published February 2019

This document shows you how to set up Pentaho to authenticate with a database-based authentication scheme, using Java database connectivity (JDBC) authentication.

Audience: Pentaho administrators, or anyone with a background in authentication and authorization who is interested in applying JDBC.

How to Secure LDAP Passwords for Pentaho Suite
For versions 6.x, 7.x, 8.0 / published April 2018

The default Pentaho deployment requires the entry of the master-user’s password in plain text within the LDAP properties configuration file. The usual recommendation is to secure this file by removing read permissions for all OS users except for the master-user, but your security regulations may specify that you are not able to use a plain text password in the file system.

Audience: Server administrators who are configuring the Pentaho BA server to use LDAP authentication.

Migrate Users/Roles from Pentaho Security to JDBC
For versions 5.4, 6.x, 7.x / published April 2018

This document demonstrates how to extract existing users, roles, and role-association data from Pentaho Security using Pentaho Data Integration (PDI) and load it into database security tables. The process can be adapted to other advanced security options.

Audience: Customers who seek more security support for excessive users and roles.

Pentaho and Tomcat Security
For versions 6.x, 7.x / published August 2017

We have collected a set of best practice recommendations for you to leverage when using Tomcat as your web application server.

Audience: Developers and QA personnel who need to configure Apache Tomcat to host a Pentaho solution.

Securing Connection Passwords for Pentaho Suite
For versions 5.4, 6.x, 7.x / published August 2017

This guide provides an approach to use encrypted or obfuscated passwords with the Business Analytics (BA) and Data Integration (DI) servers deployed within a supported Tomcat server. This guide uses features and APIs within Tomcat, assumes familiarity with the archive installation methods for the Pentaho servers, and general knowledge of Oracle’s Java platform.

Audience: Developers and database administrators who are interested in making connection passwords more secure.

Advanced Security

Pentaho Server SAML Authentication with Hybrid Authorization
For versions 7.x, 8.x / published January 2019

SAML is a specification that provides a means to exchange an authentication assertion of the principal (user) between an identity provider (IdP) and a service provider (SP). Once the plugin is built and installed, your Pentaho Server will become a SAML service provider, relying on the assertion from the IdP to provide authentication.

Audience: Security and server administrators, or anyone with a background in authentication and authorization with SAML.

Connecting the PDI Client to a Secure Hadoop Cluster
For versions 6.x, 7.x, 8.0 / published May 2018

This document covers best practices on methods and strategies regarding the different options to execute processes and authenticate users with Big Data using the Windows operating system.

Audience: Pentaho administrators or anyone with PDI experience who is interested in improving authentication setups.

PDI with Oracle Wallet Security
For versions 5.4, 6.x, 7.x / published April 2018

We have gathered best practices around setting up PDI to work with Oracle’s security. Oracle provides single sign-on (SSO) using wallets and allows packet encryption using SSL with a proprietary SSO key store.

Audience: PDI and Oracle administrators who need to set up single sign-on using wallets and SSL.

Pentaho, Linux, and MSAD Authentication with Kerberos
For versions 6.x, 7.x / published January 2018

Many enterprises require that all of their connections to different databases be authenticated via a Kerberos ticket. This applies to all JDBC-type connections including both BA and DI Repository connections (hibernate, quartz, and jackrabbit); solution connections, which are configured in the context.xml through the manage datasources in the Pentaho User Console (PUC); and in a job or transformation.

Audience: Pentaho administrators using Linux and Active Directory who want to set up authentication with Kerberos tickets.

Pentaho Server: Optimizing Connection Pools
For versions 6.x, 7.x, 8.0 / published January 2018

The main objective of this document is to cover some best practices on the optimization of database connection pools within the Pentaho Server. This document is not intended to dictate what the best options are, but rather to present some best practices for customers who are interested in optimizing performance and response time in their Pentaho installations. Some of the topics covered here include connection parameters and considerations for configuring database server resources.

Audience: Customers who are interested in optimizing performance and response time in their Pentaho installations.

Pentaho Tools & Integrated Authentication Methods
For versions 6.x, 7.x, 8.0 / published January 2018

Here is a brief description of the different authentication methods recommended for the Pentaho Tools when using them in a Big Data clustering environment.

Audience: System administrators or anyone with a background in security who is interested in authentication.