and more in a single search tool across platforms. Read the announcement here. |
03/05/2024 01:18 AM
Hi Team,
We are looking to have SSL connectivity between Saviynt and target database system. I am looking for following details regarding the same. please share your views.
1. JDBC URL modifications required for enabling SSL connectivity.
2. Certificate requirements and supported formats. Also is there an option to automate certificate expiry notification.?
3. Validating that the data is being transmitted via SSL connectivity.
4. Any dependencies or configuration changes required on SC 2.0
03/05/2024 05:39 AM
Hi @Amar_Simha , please find the doc (Search SSL Certificate) - https://docs.saviyntcloud.com/bundle/Database-v24x/page/Content/Configuring-the-Integration-for-Impo...
Cert management and expiry notification details - https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter07-General-Administrator/Cer...
No specific changes on SC2 , except making sure connectivity between SC2 client and DB server on SSL port.
You could ask DBA team to force SSL and not allow non ssl. And if you can talk to it means it is via SSL/TLS.
Thanks,
Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.
03/06/2024 05:53 AM
Thanks @AmitM for response.
making sure connectivity between SC2 client and DB server on SSL port. - How can we test this part?
Also, I could not find any JDBC URL related changes in the document links provided by you. please confirm.
03/06/2024 08:22 AM
There are no JDBC URL related changes for going SSL. It is same as non-ssl.
making sure connectivity between SC2 client and DB server on SSL port. - How can we test this part?
Ask your DB team on which port this service is running and telnet Database IP port from SC2 client
Thanks,
Amit
03/08/2024 01:32 AM
@AmitM : Thank you for the reply.
There are no JDBC URL related changes for going SSL. It is same as non-ssl. - Just trying to understand, how does SSL connectivity invoked if JDBC changes are not required.? Is it like if certificate is attached to connection, Saviynt tries SSL connectivity.?
Could you please help in understanding the process.? Thanks
03/08/2024 02:08 AM
Hi @Amar_Simha , it is combination of JDK, JDBC and DB server doing their stuff.
You need cert from db server and have it stored in client (SAviynt), in your connector if you have mentioned SSL, Then client/Saviynt will take the cert to JDBC driver when trying to talk to server.
Then JDBC driver will take care of it.
Thanks,
Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.
03/08/2024 02:30 AM
@AmitM : Thank you very much for your detailed explanation and pardon me for continuous queries.
You need cert from db server and have it stored in client (SAviynt), in your connector if you have mentioned SSL, Then client/Saviynt will take the cert to JDBC driver when trying to talk to server.
[Amar] - From the above underlined statement, we need to mention SSL somewhere? If yes, can you help us where? Is it just adding certificate at connection level?
03/08/2024 02:39 AM
03/08/2024 03:32 AM
Thank you @AmitM !!
03/10/2024 07:57 PM - edited 03/10/2024 07:58 PM
Below are configs
Connection properties - { "sslConnection" : "true", "trustServerCertificate" : "true" , "encrypt" : "true"}
Refer below doc
https://docs.saviyntcloud.com/bundle/Database-v24x/page/Content/Preparing-for-Integration-v2022.htm
You can force all connections to your database instance to use SSL, or you can encrypt connections from specific client computers. To use SSL from a specific client, you must obtain certificates for the client computer, import certificates on the client computer, and then encrypt the connections from the client computer.
To create an SSL connection:
Enable the SSL connection on the client database.
Import the database certificate provided by the client database team into the EIC keystore <location>.
You can use the user interface to map the SSL certificate with the connection. The certificates are stored in the EIC trust store. For more information, see Certificate Management in the Enterprise Identity Cloud Administration Guide.
Update the connection string to enforce the SSL connection.
jdbc:sqlserver://<hostname>:<portnumber>;databasename=<dbname>;encrypt=true;trustServerCertificate=false
03/11/2024 02:02 AM
Thanks @rushikeshvartak @AmitM : I did try with these properties and have not uploaded certificate into Saviynt yet. Still connection is successful, is this an expected one? Shouldn't it be erroring the connection?
Just to add, I am trying with snowflake db.
03/11/2024 08:32 PM
I tested this but never worked for me 🙂
03/12/2024 01:50 AM
@rushikeshvartak : so you mean we cannot enable SSL connectivity to Databases (snowflake in this case)?
03/12/2024 10:42 AM
I have tested for MSSQL not for snowflake you can try
03/13/2024 12:18 PM
Alright, thank you!