Author Topic: How to configure IIS to support Kerberos protocol for Single Sign-On (SSO)
SteveHB
member
offline   
 
posts: 113
joined: 05/31/2006
from: Mountain View, CA
posted on: 06/01/2006 07:44:59 PM
How to configure IIS to support Kerberos protocol for Single Sign-On (SSO)
IIS passes the Negotiate security header when Integrated Windows authentication is used to authenticate client requests. The Negotiate security header lets clients select between Kerberos authentication and NTLM authentication. The Negotiate process selects Kerberos authentication unless one of the following conditions is true:

• One of the systems that is involved in the authentication cannot use Kerberos authentication.

• The calling application does not provide sufficient information to use Kerberos authentication.

To enable the Negotiate process to select the Kerberos protocol for network authentication, the client application must provide a service principal name (SPN), a user principal name (UPN), or a NetBIOS account name as the target name. Otherwise, the Negotiate process always selects the NTLM protocol as the preferred authentication method.

Essentially, you do not need to do anything for IIS to support the Kerberos protocol for network authentication, due to the following facts:

• By default, the NTAuthenticationProviders metabase property is not defined when you install IIS 6.0. IIS 6.0 uses the Negotiate, NTLM parameter when the NTAuthenticationProviders metabase property is not defined. Therefore, you do not have to configure IIS to use the Negotiate,NTLM property value unless the default value has been overwritten.

• By default, the NTAuthenticationProviders metabase property is defined when you install IIS 5.1 and IIS 5.0. This metabase property uses the Negotiate, NTLM parameter. Therefore, you do not have to configure IIS to use the Negotiate,NTLM property value unless the default value has been overwritten.


To make sure that IIS is using the Kerberos protocol or the NTLM protocol, open the Internet Services Manager by selecting Start -> Programs -> Administrative Tools -> Internet Services Manager. Select the Web site you wish to configure the redirection to, right-click and select Properties from the context menu. Click on the Directory Security tab and then the Edit button in the Anonymous access and authentication control section. This will bring up a dialog of Authentication Methods. On this dialog, you must confirm that Integrated Windows Authentication is checked, which is the default setting.


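Added example, not part of the original post: the dialog above only confirms that Integrated Windows Authentication is enabled, so this sketch inspects the `Authorization: Negotiate` token a client actually sent and reports whether it carries Kerberos or NTLM. The function names (`tlv`, `negotiate_mechanism`, `der`, `sample`) are hypothetical and the sample tokens are constructed, not captured traffic.

```python
import base64

# Mechanism OIDs as DER content bytes (well-known values).
KRB5 = bytes.fromhex("2a864886f712010202")
NTLMSSP = bytes.fromhex("2b06010401823702020a")
SPNEGO = bytes.fromhex("2b0601050502")
MECHS = {KRB5: "Kerberos", NTLMSSP: "NTLM",
         bytes.fromhex("2a864882f712010202"): "Kerberos"}  # legacy Microsoft Kerberos OID

def tlv(buf, pos=0):  # read one DER element -> (tag, value, next_pos)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def negotiate_mechanism(header_value):
    """Classify the value of an 'Authorization: Negotiate <token>' header."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        return "not-negotiate"
    try:
        tok = base64.b64decode(b64, validate=True)
        if tok.startswith(b"NTLMSSP\x00"):         # raw NTLM, no GSS-API framing
            return "NTLM"
        tag, body, _ = tlv(tok)
        if tag != 0x60:                            # 0xA1 is a later SPNEGO leg
            return "spnego-continuation" if tag == 0xA1 else "unknown"
        _, oid, pos = tlv(body)                    # GSS-API mechanism OID
        if oid != SPNEGO:
            return MECHS.get(oid, "unknown")       # e.g. a bare Kerberos token
        _, init, _ = tlv(body, pos)                # [0] NegTokenInit
        _, seq, _ = tlv(init)                      # SEQUENCE
        _, mechs, _ = tlv(seq)                     # [0] mechTypes
        _, mech_list, _ = tlv(mechs)               # SEQUENCE OF OID
        _, preferred, _ = tlv(mech_list)           # first entry = preferred mechanism
        return MECHS.get(preferred, "unknown")
    except (ValueError, IndexError):               # bad base64 or truncated DER
        return "malformed"

# Constructed sample tokens (not captured traffic), short enough for 1-byte lengths.
def der(tag, value):
    return bytes([tag, len(value)]) + value
def sample(mech_oids):
    mech_list = der(0x30, b"".join(der(0x06, o) for o in mech_oids))
    init = der(0xA0, der(0x30, der(0xA0, mech_list)))
    return "Negotiate " + base64.b64encode(der(0x60, der(0x06, SPNEGO) + init)).decode()
```

An `NTLM` result on a site expected to use Kerberos points back to the two conditions listed in the post: a system that cannot use Kerberos, or a client that did not supply a usable target name.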
SteveHB
posted on: 06/01/2006 07:47:18 PM
How to configure BEA WebLogic to support Kerberos protocol for Single Sign-On (SSO)
http://e-docs.bea.com/wls/docs81/secmanage/sso.html

SteveHB
posted on: 06/01/2006 07:48:48 PM
How to configure IBM WebSEAL to support Kerberos protocol for Single Sign-On (SSO)
http://publib.boulder.ibm.com/tividd/td/ITAME/SC32-1359-00/en_US/HTML/am51_webseal_guide78.htm
