Show TOC

Configuring the UME for Kerberos MappingLocate this document in the navigation structure

Context

When you configure Kerberos authentication, you can configure user mapping by choosing from the following mapping modes:

  • Principal only

  • Principal@REALM

  • Principal and REALM

For more information about the mapping modes, see Changing User Mapping for Kerberos .

Unless you choose the Principal@REALM mapping mode, with virtual user as the data source, the Kerberos Principal Name (KPN) retrieved by AS Java has to be mapped to an existing user in the User Management Engine (UME). If the mapping source is a custom user attribute (one that is not predefined in the UME), you need to prepare the UME configuration for this mapping by adding this custom attribute.

Procedure

Determine whether you need to modify the UME configuration.

  • If you are mapping the principal token to standard user attributes (logon ID or e-mail, for example), you do not need to modify the configuration.

  • If you are mapping the principal token to a custom user attribute, you must ensure that the attribute exists and contains data. Customize the data source configuration file to account for the custom attributes you want to use.

For more information, see Customizing a UME Data Source Configuration .