Help Center> Cloud Bastion Host> User Guide> Operation> Host Operation> Logging In to and Maintaining Database Resources Using an SSO Client

Updated on 2024-04-11 GMT+08:00

View PDF

Logging In to and Maintaining Database Resources Using an SSO Client

CBH allows you to use single sign-on (SSO) tools to invoke the database client tool for database resource O&M and operation audit. Before your start, install the SSO and database client tools and then configure the path of the database client tool.

This topic describes how to configure the SSO client and how to use the SSO tool to log in to database resources.

There are four options for the single sign-on (SSO) tool:

Mysql cmd
MySQL Administrator
Navicat
DBeaver (supported by bastion host V3.3.48.0 and later versions)

Constraints

The database operation audit is available only in the CBH professional editions.
Only MySQL, SQL Server, Oracle, DB2, PostgreSQL, and GaussDB databases can be managed.
The client tool can be invoked only through SsoDBSettings.

Only some database clients can be invoked through an SSO tool. For details, see the following table.

**Table 1** Supported database protocols, versions, and clients
Database Type	Version	Supported Client
MySQL	MySQL 5.5, 5.6, 5.7, and 8.0	Navicat 11, 12, 15, and 16 MySQL Administrator 1.2.17 MySQL CMD
Microsoft SQL Server	2014, 2016, 2017, 2019, and 2022	Navicat 11, 12, 15, and 16 SSMS 17.6
Oracle	10g, 11g, 12c, 19c, and 21c	Toad for Oracle 11.0, 12.1, 12.8, and 13.2 Navicat 11, 12, 15, and 16 PL/SQL Developer 11.0.5.1790
DB2	DB2 Express-C	DB2 CMD command line 11.1.0
PostgreSQL	11, 12, 13, 14, and 15	DBeaver 22 and 23
GaussDB	2 and 3	DBeaver 22 and 23

You need to download the databases and versions supported by CBH by yourselves.
If you need to use an SSO tool to perform O&M on PostgreSQL and GaussDB databases, add the sslmode attribute to the connection attributes in Database > Driver Manager and save the value as disable.
The SsoTool.msi remote tool can be installed only in the default path C:\sso\SsoTool. If you install it in other paths, the tool may fail to be started.

Prerequisites

You have the management permissions for the Host Operation module.
You have obtained the access permissions for the resources.
You have installed the client tool.
The network connection between the managed host and the system is normal, and the account username and password for logging in to the managed host are correct.

Procedure

Log in to the CBH system.
Choose Operation > Host Operation to go to the Host Operation page.

Figure 1 Host Operation
Select a host resource of the database protocol type and click Login.
- When you first time log in to the database, you will see the SsoDBSettings download window.
- The download tool varies depending on the CBH version you are using.
  For example, if you are using CBH V.3.3.44.0, SSO tool Windows and UOS (Arm) are provided. You can select either of them from the drop-down list.
Select the client tool that has been installed and click OK.
The local database client is automatically invoked.
Log in to the database for operations.

Configuring the SSO Client

The following uses the Navicat client as an example to describe how to configure the client path.

Start local SSO tool SsoDBSettings.
Click the path configuration icon next to Navicat Path.
Find the absolute path where the Navicat client is installed, select the .exe file, and click Open.
Go to the SsoDBSettings SSO tool configuration page and view the selected Navicat client path.
Click Save to return to the Host Operation page of the CBH system. Then, you can log in to the database using the SSO tool.