Configure Kerberos Authentication between the Web Browser and the GAS server

Kerberos configuration between the Web Browser and GAS server.

Once you have verified that Kerberos Authentication works between the Web browser and Web Server, the next step is to configure the same between the Web Browser and the GAS.

First, we configure a direct connection between the User Agent and the GAS.


Diagram of Kerberos authentication between web browser and GAS

Figure 1. Kerberos Authentication Flow: UA to GAS to DVM to DB

  1. Configure the GAS to use Kerberos Authentication.
  2. Add SPN HTTP/gasserver.intranet.corporate.com to the account that runs the GAS.
  3. Verify the Web Browser's Kerberos Authentication configuration: Host is now gasserver.intranet.corporate.com
  4. Launch application at URL: http://gasserver.intranet.corporate.com:6394/wa/r/application

The application should be launched without any password, and the DVM should run in the name of the logged-in user.

Note: Sysinternals's process explorer tool is useful for checking which name runs the DVM. See Useful Tools.