This document is based on the following versions and requirements. Older versions may also work but may lack some features or require a slightly different configuration.

Airlock WAF
Version 7.1 or newer:
  • Valid Airlock Gateway (WAF) license for at least the following 2 web applications:
    • Airlock IAM
    • Back-end application
Install the latest Airlock Gateway (WAF) updates before proceeding.
Airlock IAM
Version 7.0 or newer:
  • Valid Airlock IAM license with the following license bundles:
    • Airlock IAM
    • Enhanced Authentication
  • Optional: Kerberos tools installed (only required for troubleshooting).
    For CentOS: yum install krb5-workstation
Install the latest Airlock IAM updates before proceeding.
Network connections
From Airlock IAM to the Active Directory Domain Controller:
  • UDP and TCP port 88 (Kerberos)
  • TCP port 636 (LDAPS)
Time synchronization
Time needs to be synchronized between:
  • Airlock IAM
  • Active Directory Domain Controller
  • Windows Client
Kerberos has a strict time synchronization requirement.
If time is not synchronized within some narrow limits, authentication fails.
Windows Client
  • Windows operating system that is joined to the Active Directory Domain.
  • Connectivity to the Active Directory Domain Controller in order to request Kerberos tickets.
  • The user is signed in with their Active Directory Domain user account.
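
A preflight check for the network and time requirements above, as an added example that is not part of the Airlock documentation: run from the Airlock IAM host, it probes TCP ports 88 and 636 on the domain controller and measures the clock offset with one SNTP query. Assumptions: the domain controller answers NTP on UDP port 123, the tolerance is the 5-minute Kerberos default, and all function names are hypothetical; the UDP side of port 88 is not probed.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 300        # assumption: 5-minute Kerberos default, not stated on this page
REQUIRED_TCP_PORTS = {88: "Kerberos", 636: "LDAPS"}  # ports listed above

def clock_offset(reply, t_sent, t_received):
    """Seconds the server clock is ahead of the local clock, from an SNTP reply."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:  # need mode 4 (server) and a valid stratum
        raise ValueError("not a usable NTP server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t_rx = rx_s - NTP_EPOCH_DELTA + rx_f / 2**32  # server receive time
    t_tx = tx_s - NTP_EPOCH_DELTA + tx_f / 2**32  # server transmit time
    return ((t_rx - t_sent) + (t_tx - t_received)) / 2

def skew_ok(offset, limit=MAX_SKEW_SECONDS):
    return abs(offset) <= limit

def query_offset(host, timeout=3.0):
    """Send one SNTP client request (UDP 123) and return the measured offset."""
    request = b"\x23" + bytes(47)  # LI=0, version 4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t_sent = time.time()
        sock.sendto(request, (host, 123))
        reply, _ = sock.recvfrom(512)
        t_received = time.time()
    return clock_offset(reply, t_sent, t_received)

def tcp_port_open(host, port, timeout=3.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(host):
    """Return {check name: bool} for the TCP ports and the clock skew."""
    results = {name: tcp_port_open(host, port) for port, name in REQUIRED_TCP_PORTS.items()}
    try:
        results["clock"] = skew_ok(query_offset(host))
    except (OSError, ValueError):
        results["clock"] = False
    return results

if __name__ == "__main__":
    import sys
    print(preflight(sys.argv[1]))  # argument: domain controller host name
```

A `False` for `clock` means either the offset exceeds the limit or the NTP query itself failed, so check the firewall path for UDP 123 before concluding that the clocks differ.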