Kerberos configuration between the Web Browser and Web Server.
Having verified all Kerberos requirements, the next step is to
configure Kerberos Authentication between the Web Browser and the
Web Server:
Figure 1. Kerberos Authentication Flow: Showing UA and Web Server
only.
- Configure a Web Server to use Kerberos Authentication on a whole site or on a specific URL. For
IIS server, see IIS Configuration
- Configure Web Browsers to enable Kerberos Authentication:
- With a Kerberos-enabled Web Browser, go on the Kerberos-configured
Web site to retrieve a simple static HTML file that required Kerberos
Authentication. Do not try to access a Genero application or GAS dispatcher
yet, the goal at this stage is to keep this configuration step simple.
If
Kerberos is working, the Web Browser will retrieve the static HTML
without asking any password. For Web Browsers outside of the Kerberos
domain, access will be refused or a password will be asked for.
At this stage, you have verified the Kerberos environment prior to
adding Genero Kerberos configuration details.
Note: Because we configured an SSO environment, the password
should be asked only once: when the user logs on to the client machine.
The password should not be asked for again by the Web Browser. If
the Web Browser asks for a login/password, it generally means that
Kerberos Authentication has failed, and the Web Server has fallen
back on different Authentication schemes (NTML, digest, and so on).