Kerberos Configuration Properties
Kerberos provides single sign-on (SSO) access to a back end that is integrated into the Kerberos realm. Another provider must authenticate clients before the Kerberos provider is called.
- Incorporating into your Kerberos realm all back-end resources to which you want to provide SSO access.
- Associating the SAP Mobile Platform service with a user.
- Enabling SAP Mobile Platform users to delegate to the services representing the Kerberos back-end resources.
- Configuring a separate authentication provider, earlier in the list, in the same security profile.
- Specifying appropriate values for the properties below.
|Description||None||Differentiate between multiple instances of the same provider type; for example, when you have multiple authentication providers of the same type stacked in a security profile, and each targets a different repository.|
|kdc||None||The Key Distribution Center (KDC) identifier, in the format <hostname>:<port>.|
|realm||None||The Kerberos realm to use for authenticating SAP Mobile Platform Server users to the KDC; must be capitalized, for example, MYREALM.MYCORP.COM.|
|cname||None||The user name in the KDC that is associated with SAP Mobile Platform Server.|
|key||None||The hexadecimal value of the key that is shared between the
SAP Mobile Platform service and the KDC.
To create a key:
|credential||spnego||The name of the credential that provides the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) Kerberos token upon successful authentication.|
To validate your settings, click Test Settings. A message reports either success or failure; if validation fails, invalid settings are highlighted.