Share via

SSO (AD + application) configuration guide

zoras 26 Reputation points
2021-07-09T07:52:26.397+00:00

I got two machines, both with Windows Server 2016.
One with AD (not Azure AD) and one with an Java container (KARAF) and Krb5LoginModule (from JAAS).
I want to set up Kerberos 5 in this environment, so that the Java machine can authenticate a user by contacting the KDC (AD).

Is there a (step by step) guide, article or documentation to set up/configure an SSO application? Like starting the service on AD, changing user settings for making them fit to authenticate, register spn, etc. Also maybe on application side (I know that java has no place here, but the settings must be similar).

Thanks in Advance

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2021-07-09T10:18:19.61+00:00

    Hi,

    I don't think that here you will find a documentation about Java application.
    You can ask this question on Java forum. Here there is only Microsoft specialist.
    based on my experience, you have to know if the Java application you are used needs :

    • a service account
    • Check if a keytab file is required
    • A SPN set on service account

    You should check with the developer who should know if the application requires a service account with keytab file or only a service account to ensure the SSO using kerberos protocol. He should know also which SPN should be set for this application.

    Please don't forget to mark helpful reply as answer

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.