Access Manager 5.0 Windows Server support
Access Manager 5.0 no longer lists Windows Server in the supported platforms. There's no mention in the release notes regarding this? How some Windows specific features e.g. Kerberos Constrained Delegation which required Windows Access Gateway will be supported?
Just curious, can you explain how using constrained delegation support provides any benefit with NAM. NAM does not do any Kerberos delegation. It accepts a token, get the authN info from it and discards it.
The primary objective of this change is to bring in feature parity across platforms. Current versions of Access Manager uses different code base for Windows and Linux platforms. Functionalities and Performance on Windows platform is limited compared to the Linux offerings.
KCD is unfortunately one of the features that is specific to Windows and we do not have a Linux alternative to this. We do not have many users for this feature though.
Do you use KCD with NAM today ? Can you please share your use case and we can surely find alternative options.
> Do you use KCD with NAM today ? Can you please share your use case and we can surely find alternative options.
Yes, we use Windows Access Gateways for injecting delegated Kerberos tickets to a PowerBI report server protected by AG reverse proxy.
I have customers using Kerberos constrained delegation: Users authenticate to NAM using secure contracts (2FA), NAM provides access & SSO to webservers with Kerberos authentication. IIS webservers often are configured for Kerberos authentication to support "native" SSO for domain clients on internal access.
NAM an Windows is not my preferred deployment option, but it is/was the only on supporting Kerberos constrained delegation. I´d like to see this feature on Linux!
If only it were so easy. This feature relies on a Microsoft extension to Kerberos. NAM uses open source Kerberos libraries that don't include the non-standard Microsoft extensions.