1. Graph Developer's Guide for Property Graph
  2. Getting Started with Oracle Property Graphs
  3. Graph Visualization Application
  4. Kerberos Enabled Authentication for the Graph Visualization Application
  5. Preparing the Graph Visualization Application for Kerberos Authentication

7.5.2 Preparing the Graph Visualization Application for Kerberos Authentication

In order to use Kerberos authentication, you must enter your Active Directory credentials in the Graph Visualization application login page.

To enable Kerberos authentication for the Graph Visualization application, follow the steps shown:

  1. Locate the web.xml file for your installation.
    You can locate the WEB-INF/web.xml inside the Graph Visualization WAR file for your installation as shown in the following table:

    Table 7-4 Location of WEB-INF/web.xml file

    Type of Installation WAR file Location
    Standalone installation (RPM) graphviz-<version>-pgviz<graphviz-version>.war /opt/oracle/graph/graphviz
    Apache Tomcat Deployment: graphviz-<version>-pgviz<graphviz-version>-tomcat.war

    <version> denotes the downloaded Oracle Graph Server and Client version.

    1. Download oracle-graph-webapps-<version>.zip from Oracle Software Delivery Cloud
    2. Unzip the file into a directory of your choice.
    3. Locate the .war file for deploying the Graph Visualization application to Tomcat. It follows the naming pattern: graphviz-<version>-pgviz<graphviz-version>-tomcat.war
    Oracle WebLogic Server Deployment graphviz-<version>-pgviz<graphviz-version>-wls.war

    <version> denotes the downloaded Oracle Graph Server and Client version.

    1. Download oracle-graph-webapps-<version>.zip from Oracle Software Delivery Cloud
    2. Unzip the file into a directory of your choice.
    3. Locate the .war file for deploying the Graph Visualization application to Oracle WebLogic Server. It follows the naming pattern: graphviz-<version>-pgviz<graphviz-version>-wls.war
  2. Extract the appropriate WAR file to a directory of your choice by executing the following command: 
    unzip graphviz-*.war -d <war-file-extraction-path>
  3. Locate and open the WEB-INF/web.xml file for update using any file editor of your choice. For example:
    cd <war-file-extraction-path>
vi WEB-INF/web.xml
  4. Enable the graphviz.driver.auth.kerberos parameter as shown:
    <context-param>
        <param-name>graphviz.driver.auth.kerberos</param-name>
        <param-value>true</param-value>
</context-param>
    Setting this flag true initiates the Graph Visualization application to install its own okinit package.
  5. Optionally. set the cache directory that will be used by the Graph Visualization application to temporarily store Kerberos tickets given by clients as shown
    <context-param>
        <param-name>graphviz.driver.auth.kerberos.cache_dir</param-name>
        <param-value>/dev/shm/graph_cache</param-value>
</context-param>
    The default value is /dev/shm/graph_cache. If the directory does not exist, it will be automatically created upon server startup.
  6. Optionally, set the maximum amount of concurrent Kerberos active sessions in the Graph Visualization application.
    <context-param>
        <param-name>graphviz.driver.auth.kerberos.max_cache_size</param-name>
        <param-value>64</param-value>
</context-param>
  7. Optionally, modify the directory where okinit package will be installed, by updating the following parameter:
    <context-param>
    <param-name>graphviz.driver.auth.kerberos.okinit-directory</param-name>
    <param-value>/tmp</param-value>
</context-param>

    Note:

    The default value is /tmp and you must have executable permission for the directory.
  8. Optionally, set the following parameter if there is a location for an existing okinit package on your machine. In this case, the GraphVisualization application will not install its own okinit package.
    <context-param>
        <param-name>graphviz.driver.auth.kerberos.graphviz.driver.auth.okinit-location</param-name>
        <param-value></param-value>
</context-param>

    Note:

    The GraphVisualization application must have executable permission for the directory location.
  9. Finally, after all the preceding updates, repackage the WAR file by executing the following commands:
    cd <war-file-extraction-path>
jar -cvf <war-file-name> *
  10. Redeploy the WAR file to the appropriate directory for your installation.
    Kerberos authentication is enabled for the Graph Visualization Application.

Parent topic: Kerberos Enabled Authentication for the Graph Visualization Application