Complete the Kerberos configuration on the appliance so
that single sign-on with Kerberos constrained delegation can work.
Procedure
- From the top menu, select .
- On the Realms tab, select .
- Enter the AD domain name. For
example, <DOMAIN>.
- Click Save.
- Select the new realm.
- Click .
- In the Create New Property window,
select kdc.
- Enter the AD KDC address in the Value field. The AD KDC address is the name of the domain controller.
For example, <machine>.<domain>.
- Click Save.
- On the Defaults tab, change the default_realm to
be the new realm that you just created.
- On the Keyfiles tab, import the
key table file that was generated for the WebSEAL user.
- Deploy the changes.
- From the top menu, select .
- Add the AD domain and KDC addresses to the hosts file.
Note: This step is only necessary if the DNS is not configured.
- Deploy the changes.