Kerberos configuration between the Web Browser and Web Server.
Having verified all Kerberos requirements, the next step is to configure Kerberos Authentication between the Web Browser and the Web Server:
Figure 1. Kerberos Authentication Flow: Showing UA and Web Server only.
- Configure a Web Server to use Kerberos Authentication on a whole site or on a specific URL. For IIS server, see IIS Configuration
- Configure Web Browsers to enable Kerberos Authentication:
- for Internet Explorer, see Internet Explorer Configuration
- for Firefox, see Firefox Configuration
- With a Kerberos-enabled Web Browser, go on the Kerberos-configured
Web site to retrieve a simple static HTML file that required Kerberos
Authentication. Do not try to access a Genero application or GAS dispatcher
yet, the goal at this stage is to keep this configuration step simple.
If Kerberos is working, the Web Browser will retrieve the static HTML without asking any password. For Web Browsers outside of the Kerberos domain, access will be refused or a password will be asked for.
At this stage, you have verified the Kerberos environment prior to adding Genero Kerberos configuration details.
Note: Because we configured an SSO environment, the password
should be asked only once: when the user logs on to the client machine.
The password should not be asked for again by the Web Browser. If
the Web Browser asks for a login/password, it generally means that
Kerberos Authentication has failed, and the Web Server has fallen
back on different Authentication schemes (NTML, digest, and so on).