anjha00491 Absent Member.

Using Kerberos for SSO


I am planning to use Kerberos for SSO for my identity application.
My current setup is on Windows and using Tomcat Application server.
I followed this link:
http://tinyurl.com/ounkvur
After completing the process, I tried the link.
But it is still showing me the login page.
The strange part is, I am forced to use a userID, and after that it is
accepting anything in the password and allowing a successful login.

Please help me here if I am missing something.

Regards,
anand


--
anjha0049
------------------------------------------------------------------------
anjha0049's Profile: https://forums.netiq.com/member.php?userid=5837
View this thread: https://forums.netiq.com/showthread.php?t=55969

Micro Focus Expert

Re: Using Kerberos for SSO

On 6/1/16 7:34 AM, anjha0049 wrote:
>
> I am planning to use Kerberos for SSO for my identity application.
> My current setup is on Windows and using Tomcat Application server.
> I followed this link:
> http://tinyurl.com/ounkvur
> After completing the process, I tried the link.
> But it is still showing me the login page.
> The strange part is, I am forced to use a userID, and after that it is
> accepting anything in the password and allowing a successful login.
>
> Please help me here if I am missing something.
>
> Regards,
> anand
>
>

Greetings,

1) What is the exact version of osp.war and osp-conf.jar that you are using?

2) If you have configured for Kerberos and are seeing the OSP login then
it generally means a configuration aspect was not completed correctly.

a) Was the Browser enabled for Kerberos?
b) Was OSP enabled for Kerberos?
c) Was the account in AD created correctly along with the keytab file?
d) Were all of the files created and with the correct entries for
Kerberos on the Tomcat server?
e) When accessing with the browser are you using the URL outlined when
creating the keytab in AD?
.....



--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
anjha00491 Absent Member.

Re: Using Kerberos for SSO


Hi Steven,
Please find my answers inline.

1) What is the exact version of osp.war and osp-conf.jar that you are using?
The osp.war version is 6.0.0.2; for the osp-conf.jar version, I am not sure.
As far as the product is concerned, we are using IDM 4.5.3.

2) If you have configured for Kerberos and are seeing the OSP login
then
it generally means a configuration aspect was not completed correctly.


a) Was the Browser enabled for Kerberos?
Hopefully yes! I completed the settings mentioned below in the browser.

1. Logged in to the computer where users will need single sign-on access.
2. Opened the Internet Options control panel.
3. Clicked Security.
4. Clicked Trusted Sites > Sites.
5. Added the DNS name of the identity applications server.
6. Clicked Custom level....
7. Under User Authentication, selected Automatic logon with current user name and password.
8. In Internet Options, clicked Advanced.
9. Under Security, selected Enable Integrated Windows Authentication.
10. That's all.

b) Was OSP enabled for Kerberos?

I hope this has to be done in configutility of User Application!!
Then Yes, I configured authentication method to Kerberos & set mapping
attribute to cn.

c) Was the account in AD created correctly along with the keytab file?


I hope yes! The account was created properly. After that, I created a folder
named Kerberos under the Tomcat directory and placed my keytab file &
Kerberos_login.config inside it.

d) Were all of the files created and with the correct entries for
Kerberos on the Tomcat server?
Yes.

e) When accessing with the browser are you using the URL outlined when
creating the keytab in AD?
Sorry, I didn't get this question.
I used this command while creating my keytab in Active Directory
connected PowerShell.

ktpass /out idm-dev.keytab /princ HTTP/idm-dev.domainName@IDMDEV.DOMAINNAME /mapuser idm-dev /mapop set /pass Password1 /crypto All /ptype KRB5_NT_PRINCIPAL

Sorry!! I didn't paste the domain name as it's confidential for us.


Kindly help.

Regards,
Anand


--
anjha0049
------------------------------------------------------------------------
anjha0049's Profile: https://forums.netiq.com/member.php?userid=5837
View this thread: https://forums.netiq.com/showthread.php?t=55969
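
Question (e) in the thread asks whether the URL opened in the browser matches the principal passed to ktpass /princ. The comparison is sketched below as an added example, not code from any poster or from the product; it assumes the browser builds the service name as HTTP/ plus the host in the URL (DNS alias resolution is ignored), and the host names, port, path and realm are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit


def parse_principal(principal):
    """Split 'HTTP/host@REALM' (the ktpass /princ value) into its parts."""
    name, _, realm = principal.partition("@")
    service, _, host = name.partition("/")
    return service, host, realm


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_url_against_principal(url, principal):
    """List the reasons a browser opening `url` would not end up with a
    ticket for `principal`. An empty list means the two line up."""
    service, spn_host, realm = parse_principal(principal)
    url_host = urlsplit(url).hostname or ""   # lower-cased, port removed
    problems = []
    if service.upper() != "HTTP":
        problems.append(f"service class {service!r} is not HTTP")
    if not realm or realm != realm.upper():
        problems.append(f"realm {realm!r} is not an upper-case AD domain name")
    if is_ip_literal(url_host):
        problems.append("URL uses an IP address, no Kerberos ticket is requested by default")
    elif url_host != spn_host.lower():
        problems.append(f"browser asks for HTTP/{url_host}, keytab holds HTTP/{spn_host}")
    return problems


# Constructed sample values; the thread does not show the real domain.
PRINCIPAL = "HTTP/idm-dev.example.com@EXAMPLE.COM"

if __name__ == "__main__":
    for url in ("https://idm-dev.example.com:8543/portal",
                "https://idm-dev:8543/portal",
                "https://192.0.2.10:8543/portal"):
        print(url, "->", check_url_against_principal(url, PRINCIPAL) or "ok")
```

Any non-empty result means the browser cannot present a ticket the keytab can decrypt, which is one way to end up at the OSP login page.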
