Kerberos configuration between the Web Browser and GAS server.
Once you have verified that Kerberos Authentication works between the Web browser and Web Server, the next step is to configure the same between the Web Browser and the GAS.
First, we configure a direct connection between the User Agent and the GAS.
Figure 1. Kerberos Authentication Flow: UA to GAS to DVM to DB
- Configure the GAS to use Kerberos Authentication.
- Add SPN HTTP/gasserver.intranet.corporate.com to the account that runs the GAS.
- Verify the Web Browser's Kerberos Authentication configuration:
Host is now gasserver.intranet.corporate.com
- for Internet Explorer, see Internet Explorer Configuration
- for Firefox, see Firefox Configuration
- Launch application at URL: http://gasserver.intranet.corporate.com:6394/wa/r/application
The application should be launched without any password, and the DVM should run in the name of the logged-in user.
Note: Sysinternals's process explorer tool is useful
for checking which name runs the DVM. See Useful Tools.