...
Please first configure LDAP and test it. When you configured LDAP correctly, you can move on with the following instructions to setup Kerberos SingleSign On.
Active Directory is the LDAP implementation and Kerberos is a protocol method that let you identify to other services with your windows logon. Having configured both LDAP and Kerberos you can achieve Single Sign On which means, that custo diagnostic will automatically use the user that is logged on to Windows for authentication and the user does not need to enter any passwords.
Steps to configure the Kerberos System:
- Create a normal domain user (used by Apache Tomcat to identify for Kerberos methos), "custoKerberos" . This creation has to be done by Domain-Administrator of the customer.
- Create a keytab-File - this file contains combines the use of Apache Tomcat ("Service Principal Name") to the user created above. This creation has to be done by Domain-Administrator of the customer.
- Configure Apache Tomcat to use the kerberos configuration
- Enable Kerberos Identification in custo service center.
Create Domain User for Apache Tomcat
This step has to be done by the domain administrator.
Create a normal domain user - in our example "custoKerberos". This user does not have to have specific access rights - but it must be able to authenticate/login with this user to the Windows Domain.
Kerberos
Kerberos lets you automatically login to the custo manager with you windows user if your user has a valid LDAP mapping. To do this you need to configure LDAP first.
...