WebSEAL Kerberos configuration
Complete the Kerberos configuration on the appliance so that single sign-on with Kerberos constrained delegation can work.
Steps
- Select Web > Global Settings > Kerberos Configuration.
- On the Realms tab, select New > Realm.
- Enter the AD domain name. For example, <DOMAIN>.
- Click Save.
- Select the new realm.
- Click New > Property.
- In the Create New Property window, select kdc.
- Enter the AD KDC address in the Value field. The AD KDC address is the name of the domain controller. For example, <machine>.<domain>.
- Click Save.
- On the Defaults tab, change the default_realm to be the new realm that you just created.
- On the Keyfiles tab, import the key table file that was generated for the WebSEAL user.
- Deploy the changes.
- Select System > Network Settings > Hosts File.
- Add the AD domain and KDC addresses to the hosts file. This step is only necessary if the DNS is not configured.
- Deploy the changes.
Parent topic: Single sign-on using Kerberos constrained delegation