WebSEAL Kerberos configuration

Complete the Kerberos configuration on the appliance so that single sign-on with Kerberos constrained delegation can work.

Procedure

  1. From the top menu, select Secure Web Settings > Global Settings > Kerberos Configuration.
  2. On the Realms tab, select New > Realm.
  3. Enter the AD domain name. For example, <DOMAIN>.
  4. Click Save.
  5. Select the new realm.
  6. Click New > Property.
  7. In the Create New Property window, select kdc.
  8. Enter the AD KDC address in the Value field. The AD KDC address is the name of the domain controller. For example, <machine>.<domain>.
  9. Click Save.
  10. On the Defaults tab, set default_realm to the realm that you just created.
  11. On the Keyfiles tab, import the key table file that was generated for the WebSEAL user.
  12. Deploy the changes.
  13. From the top menu, select Manage System Settings > Network Settings > Hosts File.
  14. Add the AD domain and KDC addresses to the hosts file.
    Note: This step is necessary only if DNS is not configured.
  15. Deploy the changes.
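
As an added example (not part of the product documentation), the following Python script checks a key table file before it is imported in step 11: it parses the file, assuming the MIT version 0x0502 keytab layout, and reports entries whose realm differs from the default_realm set in step 10 or whose key uses a deprecated encryption type. The function names, the EXAMPLE.COM realm and the HTTP/webseal.example.com principal are assumptions chosen for illustration.

```python
import struct

WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}  # deprecated: RFC 6649, RFC 8429

def _counted(buf, off):                    # uint16 length prefix, then the bytes
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data):
    """Return (principal, realm, kvno, enctype) per entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        rec, pos = data[pos + 4:pos + 4 + abs(size)], pos + 4 + abs(size)
        if size <= 0:                      # a negative size marks a deleted slot
            continue
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        off, names = 2, []
        for _ in range(ncomp + 1):         # realm first, then each name component
            text, off = _counted(rec, off)
            names.append(text)
        kvno = rec[off + 8]                # follows name_type (4) and timestamp (4)
        etype, klen = struct.unpack_from(">HH", rec, off + 9)
        if len(rec) >= off + 17 + klen:    # optional 32-bit kvno after the key
            kvno = struct.unpack_from(">I", rec, off + 13 + klen)[0] or kvno
        entries.append(("/".join(names[1:]), names[0], kvno, etype))
    return entries

def check_keytab(data, default_realm):
    """List problems to resolve before importing the file on the Keyfiles tab."""
    problems = []
    for name, realm, kvno, etype in parse_keytab(data):
        who = f"{name}@{realm} (kvno {kvno})"
        if realm != default_realm:         # realm names are case-sensitive
            problems.append(f"{who}: realm is not default_realm {default_realm}")
        if etype in WEAK:
            problems.append(f"{who}: deprecated enctype {WEAK[etype]}")
    return problems

def sample_entry(realm, parts, etype, kvno=3):  # constructed entry, dummy zero key
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = (struct.pack(">H", len(parts)) + s(realm) + b"".join(map(s, parts))
            + struct.pack(">IIBHH", 1, 0, kvno, etype, 16) + bytes(16))
    return struct.pack(">i", len(body)) + body

# Constructed sample: realm and host name are placeholders, not values from the page.
SAMPLE = (b"\x05\x02" + sample_entry("EXAMPLE.COM", ["HTTP", "webseal.example.com"], 18)
          + sample_entry("example.com", ["HTTP", "webseal.example.com"], 23))
```

To check a real file, pass its bytes and the realm name to `check_keytab`; an empty list means every entry matches the realm and uses a current encryption type.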