Configuring Kerberos Authentication Service Provider

The Kerberos network authentication protocol provides strong authentication for client-server applications using secret-key cryptography: clients and services prove their identities with tickets issued by a trusted Key Distribution Center (KDC) instead of sending passwords across the network.

Prerequisites

TIBCO ActiveMatrix Policy Director Governance supports Microsoft Active Directory 2008.

Configure Microsoft Active Directory to act as the Kerberos Key Distribution Center (KDC); every Active Directory domain controller runs the KDC service. Refer to the Microsoft documentation to set up Kerberos authentication for single sign-on.

Procedure

  1. Click Shared Objects > Resource Templates.
    The Resource Templates table is displayed.
  2. Click New.
    The Add Resource Template dialog is displayed.
  3. From the Type drop-down list, select Kerberos Authentication.
  4. On the SAML Options tab, specify the following:
    1. Validity of SAML Tokens, in seconds. A token is accepted until this period expires, so keep the value as short as your clients tolerate.
    2. Signer of SAML Tokens, that is, the identity whose key signs the SAML tokens that are issued.
  5. On the Configuration File tab, specify the following:
    1. Kerberos Realm: Specify the realm name exactly as it appears in the Kerberos .ini file or .conf file on your system. Realm names are case-sensitive and are conventionally written in upper case.
    2. Kerberos Distribution Center: Specify the address of the Key Distribution Center (KDC), that is, the kdc value for that realm in the Kerberos .ini file.
    3. Kerberos Configuration File Option: Specify the location of the Kerberos configuration file. You can use the system-specific default location, specify a custom file location, or generate your own configuration file.
    If the Kerberos initialization file (for example, C:\winnt\krb5.ini, the default location that Java runtimes check on Windows) is not present on your system, the product cannot locate the realm or its KDC, and Microsoft Active Directory is reachable only as an LDAP directory, not as a Kerberos KDC.
  6. Click the Advanced tab and specify the following:
    1. Module Class
    2. Principal Name
    The Principal Name is optional here because the resource template is generic at this stage. Specify the Principal Name when you define the Authentication by Kerberos Governance Control template.
  7. Check Keytab.
    If you are using server-side authentication, ensure that the Keytab option is checked; the keytab holds the service account's long-term key, and without it the session ticket is not generated. The option is optional when you are using client-side authentication.
    In addition to these steps, enable your browser to pass SPNEGO tokens. In Internet Explorer, select Enable Integrated Windows Authentication on the Advanced tab and add the site to the Trusted Sites (or Local intranet) zone; other browsers have their own settings for Integrated Windows Authentication.
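The Kerberos Realm and Kerberos Distribution Center fields in step 5 are copied from the Kerberos configuration file, whose [realms] section uses brace-delimited blocks that a plain INI parser does not understand. The following Python script is an added example for this page, not code from TIBCO ActiveMatrix Policy Director Governance: it parses a constructed krb5.ini, returns the realm and KDC values to enter in the template, and warns about realm names whose case does not match the convention. The realm names EXAMPLE.COM and example.org and the hosts dc01.example.com, dc02.example.com and 192.0.2.10 are placeholders, not values from the original document.

```python
"""Extract the realm and KDC values for the Kerberos Authentication template
from a krb5.ini / krb5.conf file. Added example, not TIBCO product code."""
import re

# Constructed sample krb5.ini; realm and host names are placeholders.
SAMPLE_KRB5_INI = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_kdc = false

[realms]
    EXAMPLE.COM = {
        kdc = dc01.example.com
        kdc = dc02.example.com
        admin_server = dc01.example.com
    }
    example.org = {
        kdc = 192.0.2.10
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
"""


def parse_krb5(text):
    """Return {section: {key: value}} for krb5.ini text.

    Realm blocks ("REALM = { ... }") become nested dicts keyed by realm name;
    repeated keys (several kdc lines) are collected into a list.
    """
    sections, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        header = re.match(r"^\[(\w+)\]$", line)
        if header:
            section = sections.setdefault(header.group(1), {})
            block = None
            continue
        if section is None:
            raise ValueError("key/value outside of any section: %r" % raw)
        if line == "}":                           # close a realm block
            block = None
            continue
        opener = re.match(r"^(\S+)\s*=\s*\{$", line)
        if opener:                                # open a realm block
            block = opener.group(1)
            section[block] = {}
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % raw)
        key, value = key.strip(), value.strip()
        target = section[block] if block else section
        if key in target:                         # e.g. a second kdc line
            if not isinstance(target[key], list):
                target[key] = [target[key]]
            target[key].append(value)
        else:
            target[key] = value
    return sections


def realm_settings(conf, realm=None):
    """Return (realm, [kdc addresses]) for the given or the default realm."""
    realm = realm or conf.get("libdefaults", {}).get("default_realm")
    if not realm:
        raise ValueError("no default_realm in [libdefaults] and no realm given")
    block = conf.get("realms", {}).get(realm)
    if block is None:
        raise ValueError("realm %s is not defined in [realms]" % realm)
    kdcs = block.get("kdc", [])
    return realm, kdcs if isinstance(kdcs, list) else [kdcs]


def check_config(conf):
    """Return warnings worth resolving before filling in the template."""
    warnings = []
    realms = conf.get("realms", {})
    for realm, block in realms.items():
        if realm != realm.upper():
            warnings.append("realm %s is not upper-case; realm names are "
                            "case-sensitive" % realm)
        if "kdc" not in block:
            warnings.append("realm %s has no kdc entry" % realm)
    for mapped in set(conf.get("domain_realm", {}).values()):
        if mapped not in realms:
            warnings.append("[domain_realm] maps to undefined realm %s" % mapped)
    return warnings


if __name__ == "__main__":
    conf = parse_krb5(SAMPLE_KRB5_INI)
    realm, kdcs = realm_settings(conf)
    print("Kerberos Realm:", realm)
    print("Kerberos Distribution Center:", ", ".join(kdcs))
    for w in check_config(conf):
        print("WARNING:", w)
```

Run it against the real file (replace SAMPLE_KRB5_INI with the contents of the path you enter for Kerberos Configuration File Option) and copy the printed realm and KDC into the template; if the script warns that a realm is not upper-case, fix the file first, because the product compares the realm name case-sensitively against the tickets it receives.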