Accessing J2EE Engine with Kerberos Authentication

Use

Kerberos authentication is negotiated in the background between the client, the J2EE Engine and the Kerberos KDC. To authenticate a client request to the J2EE Engine using Kerberos, you also have to adjust the client configuration.

Use the steps below to configure your Web clients for using Kerberos authentication with the J2EE Engine.

Prerequisites

·        You have configured the Kerberos KDC for Kerberos authentication with the J2EE Engine. For more information, see Kerberos Key Distribution Center Configuration.

·        You have configured the J2EE Engine to use SPNegoLoginModule for Kerberos Authentication. For more information, see J2EE Engine Configuration for Kerberos.

·        The configuration steps depend on the specific Web client you are using. The examples used in this topic are based on the configuration steps for Microsoft Internet Explorer.

Procedure

       1.      Enable Windows Integrated Authentication in your Web browser.

In Internet Explorer go to Tools ® Internet Options ® Advanced ® Security and choose Enable Windows Integrated Authentication (requires restart).

       2.      Enable automatic logon in Intranet zone.

In Internet Explorer go to Tools ® Internet Options ® Security ® Local Intranet ® Custom Level and choose Automatic logon only in Intranet Zone from the section User Authentication.

       3.      Add the J2EE Engine’s DNS host name to the list of local intranet sites.

In Internet Explorer go to Tools ® Internet Options ® Security ® Local Intranet ® Sites ® Advanced and add the J2EE Engine’s DNS host name to the list.

Result

Your Web browser is configured to access the J2EE Engine with Kerberos authentication.