Warning: Jobserver and all related Jobserver integrations are end of life starting October, 2024, with the exception of Public Sector customers using GovCloud or on-prem environments.
For information on registering a data source via Edge, go to Registering and synchronizing a data source via Edge.

CyberArk authentication

CyberArk is middleware to manage authentication and is used to provide access to various data sources. You can use CyberArk to let Data Catalog access and ingest data sources with username and password authentication.

Important:
  • The CyberArk authentication implementation can't be used with CData drivers.
  • You can only authenticate to data sources using username and password authentication.

Setting up CyberArk authentication

You set up CyberArk authentication when you register your data source or manage your JDBC driver. At that point you only provide the username; the password you need to authenticate to the data source is stored in CyberArk and is retrieved by the Jobserver. When you ingest a data source using CyberArk authentication, the Jobserver uses certificate-based mutual authentication to authenticate to CyberArk.

Note: The connection to CyberArk is only supported over HTTPS.

To authenticate via CyberArk, you have to enable CCP WebService in CyberArk and keep the default name AIMWebService unchanged. You also have to provide your own CyberArk certificates via a JKS keystore that you upload to Collibra when you register your data source or manage your JDBC driver. The JKS keystore contains the CyberArk client certificates, the private key and, if required, a server certificate.

Tip: For more information on the configuration of CyberArk certificates, see the CyberArk user guide.

Authentication workflow

| Step | Action |
| --- | --- |
| 1 | The Jobserver requests credentials from CyberArk through a certificate-based mutual authentication. |
| 2 | CyberArk provides the Jobserver with a username and password. |
| 3 | The Jobserver uses these credentials to authenticate to a data source. |

Configuration

If you want to use CyberArk authentication, you need the following connection properties. If you use one of the CyberArk connection properties, Data Catalog automatically uses CyberArk authentication.

| Label | Property | Description | Mandatory |
| --- | --- | --- | --- |
| Keystore file | keystoreFile | The name of the keystore file. The keystore must contain the client key and client certificate or certificate chain. If defaultTruststore is set to false, the keystore has to contain the trusted CA certificate needed to validate the server certificate offered by CyberArk. The value must have the following format: file://<keystore-file name.jks>. Example: file://cyberark-keystore.jks | Yes |
| Keystore password | keystorePass | The password required to open the keystore. | Yes |
| Default truststore | defaultTruststore | Indicates whether the default truststore is used to validate the server certificate. The default value is False. False: The certificate is validated through the keystoreFile property. True: The certificate is validated through the default truststore from the Java JRE. This is recommended when CyberArk is set up to offer a server certificate that can be validated by a public CA (certification authority). | No |
| CyberArk address | cyberarkAddress | The host and port number through which the CyberArk server is accessible. The format of the address is hostname:port. Example: my.cyberark.com:5502 | Yes |
| CyberArk application ID | cyberarkAppId | The application ID as defined in CyberArk. This ID should be provided by your network or system administrator. | Yes |
| CyberArk query | cyberarkQuery | The CyberArk query. This query should be provided by your network or system administrator. | Yes |
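A pre-flight check of a set of CyberArk connection properties against the rules in the table above. This is an added example, not Collibra code: the function name check_cyberark_properties, the sample values and the strict patterns (a bare keystore file name, a plain DNS host name) are assumptions.

```python
import re

# Mandatory property names as listed in the table above.
MANDATORY = ("keystoreFile", "keystorePass", "cyberarkAddress",
             "cyberarkAppId", "cyberarkQuery")
# Assumption: the value is a bare file name, so path separators are rejected.
KEYSTORE_RE = re.compile(r"^file://[^/\\]+\.jks$")
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def check_cyberark_properties(props):
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    for name in MANDATORY:
        if not str(props.get(name, "")).strip():
            problems.append(f"{name}: mandatory property is missing or empty")

    keystore = props.get("keystoreFile", "")
    if keystore and not KEYSTORE_RE.match(keystore):
        problems.append("keystoreFile: expected file://<keystore-file name.jks>")

    address = props.get("cyberarkAddress", "")
    host, sep, port = address.rpartition(":")
    if "://" in address:
        # The property takes hostname:port only, never a URL.
        problems.append("cyberarkAddress: remove the URL scheme")
    elif address and (not sep or not HOST_RE.match(host)):
        problems.append("cyberarkAddress: expected hostname:port")
    elif address and not (port.isascii() and port.isdigit()
                          and 1 <= int(port) <= 65535):
        problems.append("cyberarkAddress: port must be between 1 and 65535")

    truststore = str(props.get("defaultTruststore", "false")).lower()
    if truststore not in ("true", "false"):
        problems.append("defaultTruststore: must be True or False")
    return problems


# Constructed sample values; the app ID, query and password are placeholders.
SAMPLE_OK = {
    "keystoreFile": "file://cyberark-keystore.jks",
    "keystorePass": "example-keystore-password",
    "cyberarkAddress": "my.cyberark.com:5502",
    "cyberarkAppId": "ExampleAppId",
    "cyberarkQuery": "example-query-from-your-administrator",
    "defaultTruststore": "False",
}

if __name__ == "__main__":
    print(check_cyberark_properties(SAMPLE_OK))
```

The check covers only the property values; whether the keystore actually holds the client key, its certificate chain and, with defaultTruststore set to False, the trusted CA certificate still has to be verified against the keystore itself.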