Connect to Oracle by using Kerberos (JDBC Thin Driver)

Prerequisites

This tutorial does not cover the configuration of Windows Server and Oracle instances. Consider reading the official documentation of these vendors.

Client side

Before configuring the connection in DataGrip, ensure that you have configured and got the following prerequisites:

Configured krb5.conf.
Configured Kerberos client to run kinit. For more information about configuring and installing Kerberos, see the Kerberos documentation at web.mit.edu.

Server side

For more information about configuring the server side, consider reading the following links.

Oracle instance with Kerberos. The following links might be useful:
- Make Someone Else do the Work - Managing Oracle Database 19c Users in Active Directory (part 1 - Kerberos) at blogs.oracle.com
- Configuring Kerberos Authentication at docs.oracle.com
Windows Server with configured Active Directory authentication.
Kerberos installed and configured on your Windows Server machine. The following documentation might help you:
- Kerberos Authentication Overview at docs.microsoft.com

Configuring data source in DataGrip

First, you need to obtain a ticket for a user. To obtain the ticket, you need to run the kinit command with the username.

Run kinit in the command prompt

In the command prompt or in the terminal, run the following command:
kinit oraclekrb
Instead of oraclekrb, use your username.
Enter a password for the username.

Create a data source

Open data source properties. You can open data source properties by using one of the following options:
- Navigate to File | Data Sources.
- Press Ctrl+Alt+Shift+S.
- In the Database Explorer (View | Tool Windows | Database Explorer), click the Data Source Properties icon .
In the Data Sources and Drivers dialog, click the Add icon () and select Oracle.
From the Connection type list, select SID.
In the Host field, type the host address of your database.
In the SID field, enter the instance name. You can ask your database administrator for the instance name or try running the following query in the command prompt when connected to the instance with your user:
SELECT sys_context('userenv','instance_name') FROM dual;
From the Driver list, select Thin.
From the Authentication list, select Kerberos.
On the General tab, click Test Connection to ensure that the connection is successful.

Check an authentication method

Run the following query from the data editor:
SELECT sys_context('userenv', 'authentication_method') FROM dual;

Troubleshooting

EncryptionKey: Key bytes cannot be null!

There are cases when the connection does not work with the Oracle driver 21.1.0.0. Try switching to other driver versions (for example, 19.8.0.0 or 12.2.0.1). For more information about changing the driver's version, see Change the driver version.

Last modified: 17 March 2022