Kerberos Editor
The Kerberos Editor is updated with a Return option that pulls group information from the Kerberos Service Ticket when you are operating in a Microsoft Active Directory domain.
Parameters | Description |
---|---|
| The Kerberos principal that is used for authentication. Clients use the service principal to request a service ticket when authenticating. The service principal name (SPN) is based on the host name of the server running BMC Atrium Single Sign-On; for example, HTTP/bmc-xyz.sso.com@ATSSO.COM. With Active Directory, the value entered can be either the SPN used to generate the keytab file or the user identity that the SPN was mapped to using the setspn.exe command. When entering the user identity instead of the SPN, specify it using the format <userid>@<DOMAIN>, for example, atriumsso@ATSSO.COM. |
| The Key Distribution Center (KDC) domain name. |
| The KDC host name. You must enter the fully qualified domain name (FQDN) of the domain controller. If you have multiple KDC servers (a primary KDC and several secondary KDCs), you can specify them in this field, separated by a colon; for example, abc.atsso.com:abc1.atsso.com. If the primary KDC is unavailable for authentication at any moment, BMC Atrium Single Sign-On tries to use another KDC from the user's list. |
| You can choose the authentication mechanism for Kerberos. Two options are available: |
| The following parameters are used: |
Make UserId available to User Store | When this check box is selected, the user store searches use the original UserID instead of the value modified by the UserId Format parameter. For example, when BMC Atrium Single Sign-On searches the user store, the user ID provided from the Kerberos authentication module could be atsso\abcxyz, but the original value from the Kerberos Service Ticket is used to search the user store. |
Logging | Enable logging and click View to see the logging information on a web page. The Logging panel allows you to select from the following logging-level options:
Additionally, the logs contain Kerberos diagnostic information, for example, verification details for the comparison of KVNO and SPN values. Note: To avoid performance degradation, turn off logging when you are not debugging the configuration. |
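
A pre-flight check for the principal, KDC domain, and KDC server values described in the table above, as an added example that is not part of the BMC documentation or product. The function names, the upper-case realm check (the Active Directory convention), and the rule that the principal's realm should match the KDC domain are assumptions; the sample values are the page's own examples plus constructed bad inputs.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True if name has at least two valid DNS labels and is not an IP literal."""
    try:
        ipaddress.ip_address(name)
        return False  # an IP address is not an FQDN
    except ValueError:
        pass
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)


def validate(principal, kdc_domain, kdc_servers):
    """Return a list of problems in the three field values (empty list = none)."""
    problems = []
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        problems.append("principal must have the form <name>@<DOMAIN>")
    else:
        if "/" in name:  # SPN form such as HTTP/host@REALM
            service, _, host = name.partition("/")
            if not service or not is_fqdn(host):
                problems.append(f"SPN '{name}' is not <service>/<FQDN>")
        if realm != realm.upper():  # assumption: AD realms are upper case
            problems.append(f"realm '{realm}' is not upper case")
        if realm.upper() != kdc_domain.upper():  # assumption: same realm
            problems.append(f"realm '{realm}' differs from KDC domain '{kdc_domain}'")
    # The KDC field is colon-separated, so a stray ':88' port suffix or a
    # trailing colon shows up here as an entry that is not an FQDN.
    for kdc in kdc_servers.split(":"):
        if not is_fqdn(kdc.strip()):
            problems.append(f"KDC entry '{kdc}' is not an FQDN")
    return problems


if __name__ == "__main__":
    # Page examples (valid), then constructed bad input.
    print(validate("HTTP/bmc-xyz.sso.com@ATSSO.COM", "ATSSO.COM",
                   "abc.atsso.com:abc1.atsso.com"))
    print(validate("HTTP/bmc-xyz@atsso.com", "ATSSO.COM", "abc.atsso.com:88"))
```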