allywilson
Technical User
Hi all,
I'm currently helping a couple of colleagues with a situation involving a single sign on solution.
At the moment it's only a test environment, the solution is as follows...
All on one box:
Win2k3 active directory domain.
Sun Java System Access Manager.
What we're attempting to do is as follows...
Single Sign On (SSO) from a web application hosted locally to AD. Sounds simple, huh? Hasn't proved to be.
Domain: TESTDOMAIN.LOCAL
Host: sjsam.testdomain.local
User: TESTDOMAIN\sjsam
Ran command "ksetup /addkdc TESTDOMAIN.LOCAL sjsam.testdomain.local"
Also: "ktpass /princ HTTP/sjsam.testdomain.local@testdomain.local /pass Password123 /crypto DES-CBC-MD5 /mapuser testdomain\sjsam -mapop set /out C:\sjsam.HTTP.keytab"
The problem is that I don't know enough about Kerberos to understand what the commands are doing, what are they specifying, where is it set, what will the SJSAM be looking for, where can I point it towards to ensure it's doing it correctly, etc.
The web application prompts for the user details, but no matter what I specify it sits there for 30 seconds or so then advises authentication failure.
For being an option in SJSAM, WindowsSSO seems to be incredibly undocumented. I can't seem to find a single walk through online.
If you need any other info please advise - I know there's not much I've provided.
As always, any help appreciated!