The following image shows the basic steps for Back-side Kerberos SSO, where the authenticated users are propagated to the back-end server.
- 1.The user requests access to the back-end web application.
- 2.Airlock IAM authenticates the user and informs Airlock Gateway to propagate user's identity using back-side Kerberos SSO.
- 3.Airlock Gateway requests a Kerberos ticket from the Active Directory domain controller on behalf of the user with his technical system user.
- 4.Airlock Gateway sends the HTTP request to the back-end server and appends the user’s Kerberos ticket.