Navigation:  Admin Panel > Adapters >

Kerberos

Previous pageReturn to chapter overviewNext page
Show/Hide Hidden Text

Kerberos is used to grant users access to the SSP7 application without doing a manual login. This process is also called Single Sign On. Kerberos is be default supported in Microsoft IIS.

IIS version 6

Go to default.asp xin the Common/WinLogin folder, select properties and open the tab File Security. On top select Edit... and uncheck "Enable anonymous access". Make sure only integrated Windows authentication is enabled.

clip0008

clip0009

Define some custom 401 error pages to capture browsers that don't support the Kerberos login. The custom 401 error page is included in the WinLogin folder. Your setting should look like this:

clip0010

IIS Version 7

Go to default.aspx in the Common\WinLogin folder. To see the file, first select the WinLogin folder in the folder tree on the left, the click on Content Display tab at the bottom of the page. Select the default.aspx file and switch to Function view. Then select authentication. Here you should disable Anonymous authentication and enable Windows authentication. The error message that is displayed can be ignored.

On the Kerberos tab in the adapter menu, you will find additional fields that need to be set.

clip0021

This query is running on the local SSP database and should retrieve the correct person from the SSP7 Person database that matches the Kerberos Id ({0}). Please note that the kerberos Id may include more than just the username, for example the domain name.