Enable single sign-on for the Windows desktop
Use the Kerberos authentication protocol to enable IBM Lotus Connections and client Web browsers to prove their identities to one another in a secure manner. This configuration enables users to sign in to the Windows desktop and then be automatically signed in to Lotus Connections features without having to authenticate.
The Kerberos authentication protocol is supported in environments in which Microsoft Active Directory is used as the LDAP
The Kerberos authentication protocol uses strong cryptography, which enables a client to prove its identity to a server across an insecure network connection. After the client and server have proven their identities, the authentication protocol encrypts the subsequent data sent back and forth.
To configure Lotus Connections to use the Kerberos authentication protocol, complete the following procedures:
- Create a service principal name and keytab file
  Create a service account in Microsoft Active Directory to support a service principal name (SPN) for IBM Lotus Connections, and then create a keytab file that the Kerberos authentication service can use to establish trust with the Web browser.
- Enable a trust association interceptor for SPNEGO
  Configure and enable a SPNEGO trust association interceptor (TAI) on IBM WebSphere Application Server.
- Configure Web browser preferences to support Kerberos authentication
  Configure your Web browser to support Kerberos authentication.

See also: Configure single sign-on for IBM Lotus Connections in the Kerberos environment