This documentation has been tested and written for the following software releases and versions:
Requirements
Component | Requirement | Comments |
|---|---|---|
Airlock Gateway | Version 7.3 or newer
| None. |
Airlock IAM | Version 7.2 or newer | |
Active Directory | Functional level „Windows Server 2012“ or higher | |
Back-end | Windows Server 2012 or newer | The back-end web application must run on this operating system and be a member of the Active Directory Domain. |
Medium – Although some functions might work with other Airlock Gateway, Airlock IAM, Airlock Microgateway, Airlock add-on modules and/or 3rd party software versions, it is highly recommended using the releases this documentation is based on.
Always install the latest bugfix release before proceeding.
Prerequisites
Component | Requirement | Comments |
|---|---|---|
Active Directory Domain Controller | Domain administator permissions | Necessary for:
|
Back-end | Administrative permissions | Necessary for:
|
Back-end | Supports Kerberos authentication | The Airlock Gateway propagates user's identity with Kerberos constrained delegation. This is done with the Kerberos Version 5 GSS-API (RFC 1964). Therefore, the IIS web server must be configured for Kerberos authentication and support this protocol. |
Network connection from | to the Active Directory domain controllers:
to the back-end server:
| For cross domain setups multiple domain controllers from different domains might be involved. |
Time | Time needs to be synchronized between:
| Kerberos has strict time requirement. If the time is not synchronized within the configured time limits, authentication fails. |