Toggle navigationAirlock Secure Access HubAbout this documentAbout Airlock Gateway Release notesGetting startedGeneral warnings and recommendationsBasic conceptsREST API based configuration and administrationConfiguration Center (GUI)Configuration examples and guidesIntegration of 3rd-party products and applicationsControl APIHeader-based session trackingCSRF protection for SPAsICAP configurationJWKS providers configurationGraphQL integrationLet’s Encrypt as certificate providerThreat intelligenceMicrosoft integrationPublishing Microsoft Exchange 2016Publishing Microsoft Exchange 2019Publishing Microsoft SharePoint 2016Publishing Microsoft SharePoint 2019Publishing Microsoft WebDAVKerberos integrationRequirementsAbout Back-side Kerberos SSOOverviewConceptExampleSingle domain setupLimitationsPrepare Kerberos for Airlock Gateway integrationEnable Kerberos authenticationEnable Kerberos authentication in IIS 10.0Enable Kerberos authentication in IIS 8.5Enable Kerberos authentication in IIS 7.5Enable Kerberos authentication in IIS 6.0Register SPNRegister SPN for the service userDisable Kernel-mode authenticationDisable Kernel-mode authentication in IIS 10.0Disable Kernel-mode authentication in IIS 8.5Disable Kernel-mode authentication in IIS 7.5Register SPN for the machine accountMitigate the risk of broken authenticationKeepAlive configuration for back-end connectionsDisable authPersistNonNTLM in IIS 10.0Disable authPersistNonNTLM in IIS 8.5Disable authPersistNonNTLM in IIS 7.5Active Directory configurationSystem user for Kerberos constrained delegationCreate a system userEnable Kerberos constrained delegation for the system userAllow Kerberos constrained delegation in a single domain setupAirlock Gateway configurationCreate a Kerberos EnvironmentRestrict access to the Web application's mappingConfigure Kerberos Environment for the back-end groupCreate an Airlock Gateway mapping for Airlock IAMActivate Airlock Gateway configurationAirlock IAM configurationConfigure Airlock IAM for Web application'sCross-domain setupLimitationsPrepare Kerberos for Airlock Gateway integrationEnable Kerberos authenticationEnable Kerberos authentication in IIS 10.0Enable Kerberos authentication in IIS 8.5Enable Kerberos authentication in IIS 7.5Enable Kerberos authentication in IIS 6.0Register SPNRegister SPN for the service userDisable Kernel-mode authenticationDisable Kernel-mode authentication in IIS 10.0Disable Kernel-mode authentication in IIS 8.5Disable Kernel-mode authentication in IIS 7.5Register SPN for the machine accountMitigate the risk of broken authenticationKeepAlive configuration for back-end connectionsDisable authPersistNonNTLM in IIS 10.0Disable authPersistNonNTLM in IIS 8.5Disable authPersistNonNTLM in IIS 7.5Active Directory configurationSystem user for Kerberos constrained delegationCreate a system userEnable Kerberos constrained delegation for the system userAllow Kerberos constrained delegation in a cross-domain setupAirlock Gateway configurationCreate a Kerberos EnvironmentRestrict access to the Web application's mappingConfigure Kerberos Environment for the back-end groupCreate an Airlock Gateway mapping for Airlock IAMActivate Airlock Gateway configurationAirlock IAM configurationConfigure Airlock IAM for Web application'sAdvanced SetupBack-end Failover / Load BalancingSame Host Header / SPNDifferent Host Header / SPNTips for troubleshootingKB - Verify the Airlock Gateway license for Back-side Kerberos SSOKB - Verify the domain and forest functional levelKB - The delegation tab is not availableKB - Access the back-end server directlyKB - Look for Kerberos log messagesKB - Inspect the Airlock Gateway sessionKB - Verify Host Header sent corresponds to the IIS configurationKB - Does the back-end server accept KerberosKB - Verify the Back-side Kerberos SSO SetupKB - Verify time synchronizationKB - Delayed response from configured domain controllersKB - Broken authentication in back-endKB - Verify the DNS configuration for Back-side Kerberos SSOKB - Network analysis for Back-side Kerberos SSOKB - How to enable Kerberos event loggingOperation tasksReference documentationExpert settings collectionTips for troubleshootingIntegration of 3rd-party products and applicationsMicrosoft integrationKerberos integrationKerberos integrationRequirementsAbout Back-side Kerberos SSOSingle domain setupCross-domain setupAdvanced SetupTips for troubleshooting
RequirementsAbout Back-side Kerberos SSOSingle domain setupCross-domain setupAdvanced SetupTips for troubleshooting