Overview

The following image shows the basic steps for Back-side Kerberos SSO, where the authenticated users are propagated to the back-end server.

Diagram - Back-side Kerberos SSO
  • 1.
    The user requests access to the back-end web application.
  • 2.
    Airlock IAM authenticates the user and informs Airlock Gateway to propagate user's identity using back-side Kerberos SSO.
  • 3.
    Airlock Gateway requests a Kerberos ticket from the Active Directory domain controller on behalf of the user with his technical system user.
  • 4.
    Airlock Gateway sends the HTTP request to the back-end server and appends the user’s Kerberos ticket.