Security and authentication

OAuth

Okta support

Vertica now supports Okta as an identity provider (IDP) for OAuth authentication. For details, see OAuth 2.0 authentication.

Empty username and password requirement removed (JDBC)

In 11.1.0, JDBC client applications that used OAuth had to pass an empty string for the user and password parameters in the connection string to authenticate. These parameters are no longer required when authenticating with OAuth.

Discovery URL parameter (Keycloak only)

You can now specify a discovery URL both in an authentication record and as a JDBC/ODBC connection property. The discovery URL is an endpoint that contains your identity provider's OpenID Provider Configuration Document. This parameter is only supported for Keycloak.

If specified as a connection property in JDBC or ODBC, the client drivers will automatically retrieve the token URL from the discovery URL.

Similarly, if specified as an authentication parameter in Vertica, Vertica will automatically retrieve the introspect_url from the discovery_url.
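
The following is an added example, not Vertica or driver code: it shows which fields of an OpenID Provider Configuration Document carry the token URL and the introspect URL, and the consistency checks worth applying before trusting them. The host, realm, result key token_url and the same-origin policy are assumptions made for the example.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample: a trimmed discovery document for a hypothetical realm.
SAMPLE_URL = "https://keycloak.example.com/realms/vertica" + WELL_KNOWN
SAMPLE_DOC = json.dumps({
    "issuer": "https://keycloak.example.com/realms/vertica",
    "token_endpoint": "https://keycloak.example.com/realms/vertica"
                      "/protocol/openid-connect/token",
    "introspection_endpoint": "https://keycloak.example.com/realms/vertica"
                              "/protocol/openid-connect/token/introspect",
})


def _origin(url):
    """Scheme, host and port, used to compare where a URL points."""
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower(), parts.port


def resolve_endpoints(discovery_url, document_text):
    """Return token_url and introspect_url, or raise ValueError."""
    if urlsplit(discovery_url).scheme.lower() != "https":
        raise ValueError("discovery URL must use https")
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not an OpenID Provider Configuration URL")
    issuer = discovery_url[: -len(WELL_KNOWN)]
    doc = json.loads(document_text)
    # OpenID Connect Discovery: issuer must equal the URL the document
    # was fetched from, minus the well-known suffix.
    if not isinstance(doc, dict) or doc.get("issuer") != issuer:
        raise ValueError("issuer does not match the discovery URL")
    fields = {"token_url": "token_endpoint",
              "introspect_url": "introspection_endpoint"}
    resolved = {}
    for name, field in fields.items():
        value = doc.get(field)
        if not isinstance(value, str):
            raise ValueError(field + " is missing")
        # Example policy (assumption): endpoints stay on the issuer's origin,
        # so a tampered document cannot redirect tokens elsewhere.
        if _origin(value) != _origin(issuer):
            raise ValueError(field + " is not on the issuer's origin")
        resolved[name] = value
    return resolved


if __name__ == "__main__":
    print(resolve_endpoints(SAMPLE_URL, SAMPLE_DOC))
```
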

Scope parameter

The optional scope parameter lets you define the extent of access granted by the access token. For details about OAuth scoping, see the OAuth Documentation.

For details on this and other parameters, see JDBC connection properties and DSN Parameters (ODBC).

GRANT/REVOKE ALTER on TLS CONFIGURATION

You can now delegate management of TLS Configurations (adding or removing certificates, changing the TLSMODE, and so on) to users or roles by granting and revoking ALTER privileges.