Show TOC Anfang des Inhaltsbereichs

Vorgehensweisen Accessing AS Java with Kerberos Authentication  Dokument im Navigationsbaum lokalisieren

Use

Kerberos authentication is negotiated in the background between the client, the AS Java and the Kerberos KDC. To authenticate a client request to the AS Java using Kerberos, you also have to adjust the client configuration.

Use the steps below to configure your Web clients for using Kerberos authentication with the AS Java.

Prerequisites

      You have configured the Kerberos KDC for Kerberos authentication with the AS Java. More information: Kerberos Key Distribution Center Configuration.

      You have configured the AS Java to use SPNegoLoginModule for Kerberos Authentication.

      The configuration steps depend on the specific Web client you are using. The examples used in this topic are based on the configuration steps for Microsoft Internet Explorer.

Procedure

       1.      Enable Windows Integrated Authentication in your Web browser.

Beispiel

In Internet Explorer go to Tools Internet Options Advanced Security and choose Enable Windows Integrated Authentication (requires restart).

       2.      Enable automatic logon in Intranet zone.

Beispiel

In Internet Explorer go to Tools Internet Options Security Local Intranet Custom Level and choose Automatic logon only in Intranet Zone from the section User Authentication.

       3.      Add the AS Java’s DNS host name to the list of local intranet sites.

Beispiel

In Internet Explorer go to Tools Internet Options Security Local Intranet Sites Advanced and add the AS Java’s DNS host name to the list.

Result

Your Web browser is configured to access the AS Java with Kerberos authentication.

Example: Configuring Mozilla Firefox for Kerberos Authentication

The following example is specific to Mozilla Firefox version 2.0.0.x.

...

       1.      Add the server name to the list of sites which do not use a proxy:

Open the proxy settings of your browser. In the field No Proxy for specify the name of the AS Java for which you want to use Kerberos authentication, for example: my_kerberos_server.

       2.      Allow integrated authentication:

                            a.      In the address bar of your browser, enter the following: about:config.

                            b.      Filter the entries by name using the prefix negotiate.

                            c.      Add the AS Java address to the entries network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, for example: http://my_kerberos_server.

Mozilla Firefox is configured to use Kerberos authentication for the required AS Java.

 

 

 

Ende des Inhaltsbereichs