Kerberos SSO and Identity Report module


Hi.

We had earlier a working SSO-login with Kerberos to UserApp as well as
SSO to the Identity Report module. This was when UA and the Reporting
module ran on the same JBoss-server. Users were able to login the whole
way with Kerberos. Recently we moved the Report module to the EAS-server
and installed it under its own JBoss-instance. And since then we havent
been able to get the Kerberos SSO to work as before.
Could you please remind of the steps necessary to get this working or
share any thoughts if this setup has some other implications to
consider.

IDM 4.02. UserApp 4.02 Patch D. Running on Suse 11 SP3, virtual
Machines.

/Mikael


--
mickelarsson
------------------------------------------------------------------------
mickelarsson's Profile: https://forums.netiq.com/member.php?userid=224
View this thread: https://forums.netiq.com/showthread.php?t=52310

  • On 11/28/2014 04:26 AM, mickelarsson wrote:
    >
    > Hi.
    >
    > We had earlier a working SSO-login with Kerberos to UserApp as well as
    > SSO to the Identity Report module. This was when UA and the Reporting
    > module ran on the same JBoss-server. Users were able to login the whole
    > way with Kerberos. Recently we moved the Report module to the EAS-server
    > and installed it under its own JBoss-instance. And since then we havent
    > been able to get the Kerberos SSO to work as before.
    > Could you please remind of the steps necessary to get this working or
    > share any thoughts if this setup has some other implications to
    > consider.
    >
    > IDM 4.02. UserApp 4.02 Patch D. Running on Suse 11 SP3, virtual
    > Machines.
    >
    > /Mikael
    >
    >

    Greetings,
    The Reporting Module does not support Kerberos SSO directly in
    4.0.x. One has to login to User Application via Kerberos and then can
    access Reporting in the same browser or Tab). Make sure that you have
    "Enable SSO To Other Application" set to true.

    --

    Sincerely,
    Steven Williams
    Lead Software Engineer
    NetIQ

  • Steven Williams;251602 Wrote:
    > On 11/28/2014 04:26 AM, mickelarsson wrote:
    > >
    > > Hi.
    > >
    > > We had earlier a working SSO-login with Kerberos to UserApp as well

    > as
    > > SSO to the Identity Report module. This was when UA and the Reporting
    > > module ran on the same JBoss-server. Users were able to login the

    > whole
    > > way with Kerberos. Recently we moved the Report module to the

    > EAS-server
    > > and installed it under its own JBoss-instance. And since then we

    > havent
    > > been able to get the Kerberos SSO to work as before.
    > > Could you please remind of the steps necessary to get this working or
    > > share any thoughts if this setup has some other implications to
    > > consider.
    > >
    > > IDM 4.02. UserApp 4.02 Patch D. Running on Suse 11 SP3, virtual
    > > Machines.
    > >
    > > /Mikael
    > >
    > >

    > Greetings,
    > The Reporting Module does not support Kerberos SSO directly in
    > 4.0.x. One has to login to User Application via Kerberos and then can
    > access Reporting in the same browser or Tab). Make sure that you have
    > "Enable SSO To Other Application" set to true.
    >
    > --
    >
    > Sincerely,
    > Steven Williams
    > Lead Software Engineer
    > NetIQ


    Yes, and are there any other prerequisites to get this working. I
    remember something about copying the UserApp certificate to a keystore
    provided by the Reporting module if running in SSL-mode. And what about
    when the Reporting modules sits on another server?
    Thanks.


    --
    mickelarsson
    ------------------------------------------------------------------------
    mickelarsson's Profile: https://forums.netiq.com/member.php?userid=224
    View this thread: https://forums.netiq.com/showthread.php?t=52310