
Step 2: Kerberos Realm

Use

Use this topic to add necessary configuration options for the Kerberos Realms of the users that access the AS Java with Kerberos.

The wizard configuration enables you to specify a single or multiple user domains for Kerberos authentication to the AS Java.

Prerequisites

You have made the necessary configuration changes to meet the requirements of Step 1: Prerequisites.

Procedure

See the section that is relevant to the number of Kerberos Realms you want to enable for Single Sign-On with SPNego on the AS Java.


Single domain configuration:

       1.      Enter the name of the Kerberos Realm or Windows Domain in the Realm Name input field.

       2.      Choose Add KDC to add the host address and port for the Key Distribution Center (KDC).

       3.      Choose Retrieve Principal to retrieve the AS Java Kerberos Principal Name (KPN), registered for the AS Java service user in the LDAP Directory.

                            a.      Enter the Service User Name you created for Step 1: Prerequisites.

                            b.      Enter the Service User Password.

                            c.      If the LDAP server is not the same as the KDC, enter the LDAP Host name and LDAP Port.

       4.      Choose Type Principal to manually enter the AS Java’s KPN.

                            a.      Enter the KPN of the AS Java in Principal.

                            b.      Enter the password for the AS Java service user in Password.

       5.      Choose Next to proceed to Step 3: Resolution Mode.

Multiple domain configuration:


For each of the Kerberos Realms or Windows Domains to configure:

       1.      Choose Add Kerberos Realm.

       2.      Enter the name of the Kerberos Realm or Windows Domain in the highlighted row in the table for Kerberos Realms.

       3.      Choose Add KDC to add the host address and port for the Key Distribution Center (KDC).

       4.      Choose Retrieve Principal to retrieve the AS Java Kerberos Principal Name (KPN), registered for the AS Java service user in the LDAP Directory.

                            a.      Enter the Service User Name you created for Step 1: Prerequisites.

                            b.      Enter the Service User Password.

                            c.      If the LDAP server is not the same as the KDC, enter the LDAP Host name and LDAP Port.

       5.      Choose Type Principal to manually enter the AS Java’s KPN.

                            a.      Enter the KPN of the AS Java in Principal.

                            b.      Enter the password for the AS Java service user in Password.

       6.      Choose Next to proceed to Step 3: Resolution Mode.

Result

      You have provided the Kerberos Realms of the users that can access the AS Java with Kerberos authentication.

      You have provided the host addresses and ports of the KDCs for the Kerberos Realm.

      The KPNs of the AS Java are specified.
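
A pre-flight check for the values entered in the procedure above, as an added example that is not SAP code: it validates a planned list of realms, KDC host:port entries and KPNs before they are typed into the wizard. The sample plan and the function names are constructed, and the check assumes each KPN has the form name@REALM with the realm matching the row it is entered in.

```python
import re

# Constructed sample plan: one row per Kerberos Realm, as planned for the wizard.
PLAN = [
    {"realm": "EXAMPLE.COM", "kdcs": ["kdc1.example.com:88"],
     "kpn": "j2ee-svc@EXAMPLE.COM"},
    {"realm": "emea.example.com", "kdcs": ["kdc2.example.com:88000", "kdc3"],
     "kpn": "j2ee-svc@EXAMPLE.COM"},
]

# Host names and IPv4 literals only; IPv6 literals are not handled here.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def check_kdc(entry):
    """Return a problem string for a 'host:port' KDC entry, or None if it is fine."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host:
        return f"KDC '{entry}': expected host:port"
    if not HOST_RE.match(host):
        return f"KDC '{entry}': invalid host name"
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        return f"KDC '{entry}': port must be 1-65535"
    return None


def check_plan(plan):
    """Return a list of problems found in the planned realm rows."""
    problems, seen = [], set()
    for row in plan:
        realm = row["realm"]
        # Realm names are case-sensitive; by convention they are upper-case.
        if realm != realm.upper():
            problems.append(f"{realm}: realm name is not upper-case")
        if realm.upper() in seen:
            problems.append(f"{realm}: realm listed more than once")
        seen.add(realm.upper())
        if not row["kdcs"]:
            problems.append(f"{realm}: no KDC given")
        problems += [f"{realm}: {p}" for k in row["kdcs"] if (p := check_kdc(k))]
        # Assumption: the KPN is name@REALM and belongs to this row's realm.
        name, sep, kpn_realm = row["kpn"].rpartition("@")
        if not sep or not name:
            problems.append(f"{realm}: KPN '{row['kpn']}' is not name@REALM")
        elif kpn_realm.upper() != realm.upper():
            problems.append(f"{realm}: KPN realm '{kpn_realm}' differs from row realm")
    return problems


if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```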
