The configuration of Back-side Kerberos SSO is split into 2 parts.
Part 1
The first part is in the Airlock Gateway configuration, which defines the following:
- If and where Back-side Kerberos SSO is used.
- The role set in Access restrictions >> Restricted to Roles.
- Under Credential Propagation >> SSO credential propagation, Kerberos is selected.
- The system user which is used to request a Kerberos Ticket for the user.
- The Kerberos Environment selected under Access >> Kerberos Environment.
Airlock Gateway Mapping configuration
Airlock Gateway Back-end Group configuration
Part 2
The second part is in the Airlock IAM configuration, which defines the following:
- Who should be propagated to the back-end server.