Show TOC

Accessing AS Java with Kerberos AuthenticationLocate this document in the navigation structure

Use

Kerberos authentication is negotiated in the background between the client, the AS Java and the Kerberos KDC. To authenticate a client request to the AS Java using Kerberos, you also have to adjust the client configuration.

Use the steps below to configure your Web clients for using Kerberos authentication with the AS Java.

Prerequisites
  • You have configured the Kerberos KDC for Kerberos authentication with the AS Java. More information: Kerberos Key Distribution Center Configuration .

  • You have configured the AS Java to use SPNegoLoginModule for Kerberos Authentication.

  • The configuration steps depend on the specific Web client you are using. The examples used in this topic are based on the configuration steps for Microsoft Internet Explorer.

Procedure
  1. Enable Windows Integrated Authentication in your Web browser.

    Example

    In Internet Explorer go to Start of the navigation path Tools  Next navigation step  Internet Options  Next navigation step  Advanced  Next navigation step  Security End of the navigation path and choose Enable Windows Integrated Authentication (requires restart) .

  2. Enable automatic logon in Intranet zone.

    Example

    In Internet Explorer go to Start of the navigation path Tools  Next navigation step Internet Options  Next navigation step  Security  Next navigation step  Local Intranet  Next navigation step  Custom Level End of the navigation path and choose Automatic logon only in Intranet Zone from the section User Authentication .

  3. Add the AS Java's DNS host name to the list of local intranet sites.

    Example

    In Internet Explorer go to Start of the navigation path Tools Next navigation step Internet Options  Next navigation step  Security  Next navigation step  Local Intranet  Next navigation step  Sites  Next navigation step  Advanced  End of the navigation path and add the AS Java's DNS host name to the list.

Configuring Mozilla Firefox for Kerberos Authentication

The following example is specific to Mozilla Firefox version 2.0.0.x.

  1. Add the server name to the list of sites which do not use a proxy:

    Open the proxy settings of your browser. In the field No Proxy for specify the name of the AS Java for which you want to use Kerberos authentication, for example: my_kerberos_server .

  2. Allow integrated authentication:

    1. In the address bar of your browser, enter the following: about:config .

    2. Filter the entries by name using the prefix negotiate .

    3. Add the AS Java address to the entries network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris , for example: http://my_kerberos_server .

Mozilla Firefox is configured to use Kerberos authentication for the required AS Java.

Result

Your Web browser is configured to access the AS Java with Kerberos authentication.