Logging In to and Maintaining Database Resources Using an SSO Client
You can use single sign-on (SSO) tools to invoke the database client tool for database resource O&M and operation audit. Before your start, install the SSO and database client tools and then configure the path of the database client tool.
This topic describes how to configure the SSO client and how to use the SSO tool to log in to database resources.
There are four options for the single sign-on (SSO) tool:
- Mysql cmd
- MySQL Administrator
- Navicat
- DBeaver (supported by bastion host V3.3.48.0 and later versions)
Constraints
- The database operation audit is available only in professional editions.
- Only MySQL, SQL Server, Oracle, DB2, PostgreSQL, and GaussDB databases can be managed.
A bastion host cannot verify the database with SSL enabled. When connecting to GaussDB databases, you need to disable SSL (sslmode) on DBeaver.
- The client tool can be invoked only through SsoDBSettings.
- Only some database clients can be invoked through an SSO tool. For details, see the following table.
Table 1 Supported database protocols, versions, and clients Database Type
Version
Supported Client
MySQL
MySQL 5.5, 5.6, 5.7, and 8.0
Navicat 11, 12, 15, and 16
MySQL Administrator 1.2.17
MySQL CMD
Microsoft SQL Server
2014, 2016, 2017, 2019, and 2022
Navicat 11, 12, 15, and 16
SSMS 17.6
Oracle
10g, 11g, 12c, 19c, and 21c
Toad for Oracle 11.0, 12.1, 12.8, and 13.2
Navicat 11, 12, 15, and 16
PL/SQL Developer 11.0.5.1790
DB2
DB2 Express-C
DB2 CMD command line 11.1.0
PostgreSQL
11, 12, 13, 14, and 15
DBeaver 22 and 23
GaussDB
2 and 3
DBeaver 22 and 23
- You need to download the database versions supported.
- If you need to use an SSO tool to perform O&M on PostgreSQL and GaussDB databases, add the sslmode attribute to the connection attributes in and save the value as disable.
- The SsoTool.msi remote tool can be installed only in the default path C:\sso\SsoTool. If you install it in other paths, the tool may fail to be started.
Prerequisites
- You have the management permissions for the Host Operation module.
- You have obtained the access permissions for the resources.
- You have installed the client tool.
- The network connection between the managed host and the system is normal, and the account username and password for logging in to the managed host are correct.
Procedure
- Log in to your bastion host.
- Choose Operation > Host Operations to go to the Host Operations page.
- Select a host resource of the database protocol type and click Login.
- When you first time log in to the database, you will see the SsoDBSettings download window.
- The download tool varies depending on the bastion host version you are using.
For example, if you are using version 3.3.44.0, SSO tool Windows and UOS (Arm) are provided. You can select either of them from the drop-down list.
- Select the client tool that has been installed and click OK.
The local database client is automatically invoked.
- Log in to the database for operations.
Configuring the SSO Client
The following uses the Navicat client as an example to describe how to configure the client path.
- Start local SSO tool SsoDBSettings.
- Click the path configuration icon next to Navicat Path.
- Find the absolute path where the Navicat client is installed, select the .exe file, and click Open.
- Go to the SsoDBSettings SSO tool configuration page and view the selected Navicat client path.
- Click Save to return to the Host Operation page in your bastion host. Then, you can log in to the database.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot