Enabling Kerberos support in ORCA
By default, ORCA uses the username/password authentication mode. SOAP requests are executed with username/password tokens in the SOAP header.
On the CDP on which Kerberos would be enabled, perform the following tasks:
- Stop the peer.
Navigate to the /tomcat/webapps/baocdp/WEB-INF/wsdl directory where the CDP is installed and edit the Orchestrator.wsdl file as follows:
At the end of the file, comment out the username/password policy between the <sp:SupportingTokens> to </sc:ValidatorConfiguration> elements and then, uncomment the Kerberos policy immediately below.- Enable Kerberos in ORCA by adding the following tuning configuration in the peer's config directory:
<config><webservices><orca><support-kerberos-authentication>true</support-kerberos-authentication></orca></webservices></config> - Restart the peer.
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*