Windows desktop single sign-on concepts
This section discusses the following topics:
- SPNEGO protocol and Kerberos authentication
Microsoft provides an authentication solution so that Windows clients can use Microsoft Internet Explorer to access resources on Microsoft Internet Information Servers (IIS) without reauthenticating.- User registry and platform support for SPNEGO
- SPNEGO compatibility with other authentication methods
WebSEAL support for Kerberos authentication is compatible with several WebSEAL authentication methods.- Map of user names from multi-domain Active Directory registries
By default, when WebSEAL is mapping user names to certain user registries, it truncates the user names that are provided by Kerberos authentication. Using truncated user names can cause name resolution conflicts if the same name is in multiple domains. However, we can control whether WebSEAL truncates the user name.- Multiple Active Directory domain support
Active Directory uses domains and forests to represent the logical structure of the directory hierarchy. Domains are used to manage the various populations of users, computers, and network resources in the enterprise. The forest represents the security boundary for Active Directory.- Kerberos authentication limitations
Some WebSEAL features are not supported with Kerberos authentication.
Parent topic: Windows desktop single sign-on
Related concepts
Related reference