
Configure a Kerberos Authentication Scheme

A custom authentication scheme is required to support Kerberos authentication in the SiteMinder environment. Associate this authentication scheme with any realm whose protected resources use Kerberos authentication.

Follow these steps:

  1. Log in to the Administrative UI.

    Note: When you create or modify a Policy Server object in the Administrative UI, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.

  2. Select Infrastructure, Authentication, Authentication Schemes.
  3. Click Create Authentication Scheme.
  4. Select Custom Template from the Authentication Scheme Type list.

    Custom Template settings appear.

  5. Enter smauthkerberos in the Library field.
  6. Enter the following values in the Parameter field, in the order listed and delimited by semicolons:
    1. The name of the host web server and target fields
    2. The Policy Server principal name from the Kerberos domain
    3. The mapping between user principal and the user store search filter

    LDAP Example 1: http://win2k8sps.test.com/siteminderagent/Kerberos/creds.kcc;smps/winps.test.com@TEST.COM;(uid=%{UID})

    LDAP Example 2: http://win2k8sps.test.com/siteminderagent/Kerberos/creds.kcc;smps/winps.test.com@TEST.COM;(uid=%{UID})

    AD Example 1: http://win2k8sps.test.com/siteminderagent/Kerberos/creds.kcc;smps/winps.test.com@TEST.COM;(cn=%{UID})

    AD Example 2: http://win2k8sps.test.com/siteminderagent/Kerberos/creds.kcc;smps/winps.test.com@TEST.COM;(cn=%{UID})

    ODBC Example 1: http://win2k8sps.test.com/siteminderagent/Kerberos/creds.kcc;smps/winps.test.com@TEST.COM;%{UID}

    ODBC Example 2: http://win2k8sps.test.com/siteminderagent/Kerberos/creds.kcc;smps/winps.test.com@TEST.COM;%{UID}

  7. Click OK.

    The Kerberos Authentication scheme is saved and appears in the Authentication Scheme List.
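
A pre-flight check for the Parameter string from step 6, as an added example that is not part of the product or its documentation. The function name is hypothetical, and the field shapes it enforces (absolute URL, service/host@REALM principal, %{UID} token in the mapping) are assumptions inferred from the examples above.

```python
import re
from urllib.parse import urlsplit

# Shapes inferred from the examples on this page, not from a product specification.
PRINCIPAL_RE = re.compile(r"^[^/@\s]+/[^/@\s]+@[^/@\s]+$")  # service/host@REALM
UID_TOKEN = "%{UID}"


def check_kerberos_scheme_parameter(value):
    """Return a list of problems found in a step 6 Parameter string."""
    fields = value.split(";")
    if len(fields) != 3:
        return [f"expected 3 semicolon-delimited fields, found {len(fields)}"]
    target, principal, mapping = fields
    problems = []

    # The Note under step 1: Policy Server objects accept ASCII only.
    if not value.isascii():
        problems.append("value contains non-ASCII characters")

    for name, field in (("target", target), ("principal", principal),
                        ("mapping", mapping)):
        if not field or field != field.strip():
            problems.append(f"{name} field is empty or has surrounding whitespace")

    # Field 1: host web server and target. A single slash after the scheme
    # ("http:/host/...") parses with no host and is caught here.
    url = urlsplit(target)
    if url.scheme not in ("http", "https") or not url.hostname:
        problems.append("target is not an absolute http(s) URL with a host")

    # Field 2: Policy Server principal name from the Kerberos domain.
    if not PRINCIPAL_RE.match(principal):
        problems.append("principal is not of the form service/host@REALM")

    # Field 3: user principal to user store search filter mapping.
    if UID_TOKEN not in mapping:
        problems.append(f"mapping does not reference {UID_TOKEN}")
    if mapping.startswith("(") != mapping.endswith(")"):
        problems.append("mapping has unbalanced outer parentheses")
    return problems


if __name__ == "__main__":
    # Constructed malformed input: single slash after the scheme.
    bad = "http:/win2k8sps.test.com/siteminderagent/Kerberos/creds.kcc;smps/winps.test.com@TEST.COM;(uid=%{UID})"
    for problem in check_kerberos_scheme_parameter(bad):
        print("PROBLEM:", problem)
```

An empty list means the string matches the three-field layout; it does not confirm that the principal exists in the Kerberos domain or that the filter matches a user.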