Enabling Kerberos authentication for a GWC application

Assuming your network has been configured to support Kerberos authentication, this section outlines the steps you must take to enable Kerberos authentication for your application.

This section is not intended to provide you with all possible configurations for Kerberos within the GAS, but instead highlights configuration changes necessary to implement Kerberos authentication in order for a Web application to be delivered by the Genero Web Client.

Step One: Configure the GAS

Configure the GAS to handle authentication using Kerberos by configuring the AUTHENTICATION element in the GAS configuration file (as.xcf):

<AUTHENTICATION Type="KERBEROS">
  <REALM></REALM>
  <SERVICE_NAME>gassvc</SERVICE_NAME>
</AUTHENTICATION>

See Authentication Configuration Reference

Step Two: Configure the application

Modify the application configuration to include an AUTHENTICATION element. As only Kerberos authentication is supported at this time, specify KERBEROS as the authentication type:

<APPLICATION Parent="defaultgwc">
  <EXECUTION>
    <PATH>$(res.path.fgldir.demo)/Widgets</PATH>
    <AUTHENTICATION>KERBEROS</AUTHENTICATION>
  </EXECUTION>
</APPLICATION>

See Application List Reference

Step Three : Configure Kerberos Service Principal Names

Two Kerberos Service Principal Names are used: