Enabling Kerberos support in ORCA


By default, ORCA uses the username/password authentication mode. SOAP requests are executed with username/password tokens in the SOAP header.

On the CDP on which you want to enable Kerberos, perform the following tasks:

  1. Stop the peer.
  2. Navigate to the /tomcat/webapps/baocdp/WEB-INF/wsdl directory where the CDP is installed and edit the Orchestrator.wsdl file as follows:

    At the end of the file, comment out the username/password policy (everything from the <sp:SupportingTokens> element through the </sc:ValidatorConfiguration> element), and then uncomment the Kerberos policy immediately below it.

    Note

    Currently, these two policies cannot be effective at the same time. Therefore, enabling Kerberos support means disabling username/password support.

  3. Enable Kerberos in ORCA by adding the following tuning configuration in the peer's config directory:
    <config>
      <webservices>
        <orca>
          <support-kerberos-authentication>true</support-kerberos-authentication>
        </orca>
      </webservices>
    </config>
  4. Restart the peer.
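
A check to run once both files are edited, given here as an added example and not as BMC code: it parses the WSDL and the tuning configuration and reports whether Kerberos is the only live token policy and the flag is set. It assumes the two policies can be told apart by the standard WS-SecurityPolicy assertion names UsernameToken and KerberosToken; the sample XML and namespace URIs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: placeholder namespaces, minimal policy elements.
NS = 'xmlns:sp="urn:example:sp" xmlns:sc="urn:example:sc"'
WSDL_KERBEROS = f"""<definitions {NS}>
  <!-- <sp:SupportingTokens><sp:UsernameToken/></sp:SupportingTokens> -->
  <sp:KerberosToken/>
</definitions>"""
WSDL_DEFAULT = f"""<definitions {NS}>
  <sp:SupportingTokens><sp:UsernameToken/></sp:SupportingTokens>
  <!-- <sp:KerberosToken/> -->
</definitions>"""
CONFIG = ("<config><webservices><orca><support-kerberos-authentication>true"
          "</support-kerberos-authentication></orca></webservices></config>")

TOKEN_ASSERTIONS = {"UsernameToken", "KerberosToken"}  # assumed element names


def active_token_policies(wsdl_text):
    """Return the token assertions that are live in the WSDL.

    ElementTree discards XML comments while parsing, so a policy wrapped in
    <!-- ... --> is not reported; only what the server would actually see is.
    """
    root = ET.fromstring(wsdl_text)
    # Compare on local names so the check does not depend on namespace URIs.
    names = {el.tag.rsplit("}", 1)[-1] for el in root.iter()}
    return names & TOKEN_ASSERTIONS


def kerberos_flag_enabled(config_text):
    """True if the tuning config sets support-kerberos-authentication to true."""
    root = ET.fromstring(config_text)
    node = root.find("webservices/orca/support-kerberos-authentication")
    return node is not None and (node.text or "").strip().lower() == "true"


def check(wsdl_text, config_text):
    """Return a list of problems; an empty list means both files agree."""
    problems = []
    active = active_token_policies(wsdl_text)
    if active != {"KerberosToken"}:
        problems.append(f"live token policies in WSDL: {sorted(active) or 'none'}")
    if not kerberos_flag_enabled(config_text):
        problems.append("support-kerberos-authentication is not set to true")
    return problems


if __name__ == "__main__":
    for name, wsdl in (("edited", WSDL_KERBEROS), ("default", WSDL_DEFAULT)):
        print(name, check(wsdl, CONFIG) or "OK")
```

To use it on a real installation, read Orchestrator.wsdl and the tuning configuration file from disk and pass their contents to check().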

 
