Troubleshooting

KB - Verify the Back-side Kerberos SSO Setup

Affects product

  • Airlock Gateway

Question or problem

Verify the Kerberos configuration on Airlock Gateway, the Active Directory domain controller and the back-end server with the test program.

Procedure-related prerequisites

  • You need to be logged in as root on the Airlock Gateway console.

Example values

  • Kerberos Environment: int.virtinc.com-ch
  • Kerberos user: test1@int.virtinc.com
  • SPN: http/webapp.int.virtinc.com
  • Internal URL: https://webapp.int.virtinc.com

Instruction

  1. Test execution and verification:
  2. Run the following commands:
    3. copy
    airlock-test-kerberos -v -e int.virtinc.com-ch test1@int.virtinc.com HTTP/webapp.int.virtinc.comhttps://webapp.int.virtinc.com

    The test program stops in case of errors occur.

  3. Verify the following:
    • -When running airlock-test-kerberos with the internal URL, the HTTP response code is not 401.
    • -The test program runs through without any problems.
  4. The verification steps from the above were successful.
  • In case of failure:
  • Analyze the output of the test program and verify the settings on all involved systems.