Use Kerberos and Kerberos Delegation

To authenticate user access to a MATLAB® Production Server™ instance, you need to configure Kerberos. To delegate a client’s credential to a next hop web server or a database server that is protected by Kerberos, you need to configure Kerberos Delegation. Configuring Kerberos and Kerberos Delegation requires domain administrator privileges. Currently, you can use Kerberos and Kerberos Delegation with MATLAB Production Server instances running on Windows Server® operating systems with a Windows® Key Distribution Center. To configure Kerberos and Kerberos delegation, consult your IT / Windows System Administrator, and follow these steps:

  • Set up a service account for the MATLAB Production Server and register a service principal name for MATLAB Production Server service instance.

  • Configure constrained delegation without protocol transition for the service account.

  • Configure the local security privilege for the MATLAB Production Server service account.

  • Enable Kerberos and Kerberos Delegation in the MATLAB Production Server configuration file (main_config). For more information, see http-authentication-method and client-credential-delegation.

Only the following MATLAB functions within a deployable archive (.ctf) support using Kerberos Delegation:

  • webread

  • webwrite

  • HTTP Interface (MATLAB) functions

  • Database Toolbox™ functions (requires an ODBC driver)

All other functions within a deployable archive (.ctf) are executed using the credential of the MATLAB Production Server instance.

Supported Environment

OptionRequirement

Operating system

Windows Server

Kerberos Delegation

Constrained delegation without protocol transition

Key distribution center

Windows Server 2003 or later

Client

  • RESTful client over HTTP/HTTPS (HTTP 1.1) with JSON payload

  • The RESTful client must be one that supports SPNEGO/Kerberos—for example, curl with the --negotiate option or .NET HttpClient

MATLAB Runtime

MATLAB Runtime R2019b or later.

Deployable archive packaging

MATLAB Compiler SDK™ R2019b or later

Database server

Microsoft® SQL Server® 2012 or later

Database driver

Microsoft SQL Server ODBC driver version 11 or later

See Also

|