Does ms sqlserver support JWT or client certificate authentication

Gong, Allen 5 Reputation points
2024-03-25T09:57:05.8633333+00:00

We are using JDBC and ODBC to connection MS SQL Server authenticated by user name and password, but from security requirement we need to find a more secure client authentication method. Does SQL Server support client certificate or JWT client authentication? If does, how does it work in JDBC and ODBC? Thanks.

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,592 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Gong, Allen 5 Reputation points
    2024-03-29T02:00:33.6366667+00:00

    Get clarification from mssql-jdbc about this question:

    1. Client certificate authentication works only on linux environment where client and SQL Server are on the same machine.
    2. JWT authentication is not supported.

    check detail from here: https://github.com/microsoft/mssql-jdbc/issues/2371

    1 person found this answer helpful.
    0 comments No comments

  2. LucyChen-MSFT 405 Reputation points Microsoft Vendor
    2024-03-26T06:59:04.6766667+00:00

    Hi @Gong, Allen ,

    Thanks for your information.

    We can connect the SQL Server by using Client Certificate Authentication. From this article, you can understand how does it work in JDBC. In addition, you should configure a certificate authority the client trust, hope this article helps you well.

    When we call an ODBC connection, we can specify the server certificate to match against the certificate returned by the server during encryption negotiation. The Hostname in certificate option is ignored when a server certificate is specified. This option is applicable only when Connection Encryption is set to Strict and is available in ODBC Driver 18.1 and newer.

    S3-compatible storage should have STS endpoint service that enables clients to request temporary credentials using JWT of external identities:  Access external data: S3-compatible object storage - PolyBase - SQL Server | Microsoft Learn . You can also follow steps in this article to personalize the Database Connection with JWT.

    Best regards,

    Lucy Chen


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    https://docs.microsoft.com/en-us/answers/support/email-notifications