Procedure-related prerequisites
- None.
Instruction
- Go to: Loginapp >> Application Settings.
- Edit the Target Application for Web application's.
- Configure a Kerberos Identity Propagator (requires Airlock Gateway) as Identity Propagator.
- Set the following values:
- -Kerberos Users: Configure the plugin Kerberos User Definition
- Edit the Kerberos User Definition
- Set the following values:
- -Username Attribute: <YOUR sAMAccountname or USER's UPN>
- -Windows Domain: <YOUR ACTIVE DIRECTORY DOMAIN WHICH CONTAINS THE USER>
- -Mapping Name: <YOUR AIRLOCK GATEWAY MAPPING>
- Windows Domain: It is highly recommended in cross-domain setups to configure the username precisely.
- This can be achieved by:
- Configuring the sAMAccountname in Username Attribute and the Windows Domain.
- Configuring the User UPN in Username Attribute and leave the Windows Domain empty.
Do not configure the User UPN in the Username Attribute and the Windows Domain. - Mapping Name: This is an optional field.
- Click on the Activate button.
- The configuration has been updated successfully.
HIGH – Only one Kerberos user per Airlock Gateway session
- Ensure that only one Kerberos user is set without Mapping Name.
- In case that a different user should be propagated to a specific web application, define a Kerberos user with the Mapping Name (see Example).