UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
370 views

Access Manager 5.0 Windows Server support

Access Manager 5.0 no longer lists Windows Server in the supported platforms. There's no mention in the release notes regarding this? How some Windows specific features e.g. Kerberos Constrained Delegation which required Windows Access Gateway will be supported?

0 Likes
6 Replies
Vice Admiral
Vice Admiral

Just curious, can you explain how using constrained delegation support provides any benefit with NAM. NAM does not do any Kerberos delegation. It accepts a token, get the authN info from it and discards it.

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Hi Sakari,

   The primary objective of this change is to bring in feature parity across platforms. Current versions of Access Manager uses different code base for Windows and Linux platforms. Functionalities and Performance on Windows platform is limited compared to the Linux offerings. 

KCD is unfortunately one of the features that is specific to Windows and we do not have a Linux alternative to this. We do not have many users for this feature though.

Do you use KCD with NAM today ? Can you please share your use case and we can surely find alternative options.

thanks,

Gireesh

0 Likes

> Do you use KCD with NAM today ? Can you please share your use case and we can surely find alternative options.

Yes, we use Windows Access Gateways for injecting delegated Kerberos tickets to a PowerBI report server protected by AG reverse proxy.

0 Likes

I have customers using Kerberos constrained delegation: Users authenticate to NAM using secure contracts (2FA), NAM provides access & SSO to webservers with Kerberos authentication. IIS webservers often are configured for Kerberos authentication to support "native" SSO for domain clients on internal access.

NAM an Windows is not my preferred deployment option, but it is/was the only on supporting  Kerberos constrained delegation. I´d like to see this feature on Linux!

br,
Thomas

Vice Admiral
Vice Admiral

If only it were so easy. This feature relies on a Microsoft extension to Kerberos. NAM uses open source Kerberos libraries that don't include the non-standard Microsoft extensions. 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.