The following image shows the basic steps for Back-side Kerberos SSO, where the authenticated users are propagated to the back-end server.
- The user requests access to the back-end web application.
- Airlock IAM authenticates the user and informs Airlock Gateway to propagate user's identity using back-side Kerberos SSO.
- Airlock Gateway requests a Kerberos ticket from the Active Directory domain controller on behalf of the user with his technical system user.
- Airlock Gateway sends the HTTP request to the back-end server and appends the user’s Kerberos ticket.