Overview

The following image shows the basic steps for Back-side Kerberos SSO, where the authenticated users are propagated to the back-end server.

1. The user requests access to the back-end web application.
2. Airlock IAM authenticates the user and informs Airlock Gateway to propagate user's identity using back-side Kerberos SSO.
3. Airlock Gateway requests a Kerberos ticket from the Active Directory domain controller on behalf of the user with his technical system user.
4. Airlock Gateway sends the HTTP request to the back-end server and appends the user’s Kerberos ticket.