Concept

The configuration of Back-side Kerberos SSO is split into 2 parts.

Part 1

The first part is in the Airlock Gateway configuration, which defines the following:

  • If and where Back-side Kerberos SSO is used.
  • Airlock Gateway Mapping configuration

    • The role set in Access restrictions >> Restricted to Roles.
    • Under Credential Propagation >> SSO credential propagation, Kerberos is selected.
  • The system user which is used to request a Kerberos Ticket for the user.
  • Airlock Gateway Back-end Group configuration

    • The Kerberos Environment selected under Access >> Kerberos Environment.

Part 2

The second part is in the Airlock IAM configuration, which defines the following:

  • Who should be propagated to the back-end server.