[37333] in Kerberos
sso authentication via a physical load-balancer towards a WebLogic
daemon@ATHENA.MIT.EDU (Adi Leica)
Sun Nov 29 23:26:12 2015
MIME-Version: 1.0
From: Adi Leica <adileica@gmail.com>
Date: Mon, 30 Nov 2015 00:20:08 +0100
Message-ID: <CAFHvvKZLj5VpHjDuorsPYK+oZiN+pZVWtFvtKsSPrUy3OUZhAw@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello Kerberos Community.
At the organisation where I work we are trying to achieve SSO
authentication using Kerberos mechanism on the following setup:
- physical load-balancer (machine1) receiving incoming http sessions,
but redirecting the traffic to a WebLogic Server (machine2).
The application deployed on the WLS instance is the one expected to allow
or disallow a user to login, but the exposed URL is the one of the frontend
Load Balancer.
The Service Account in MS AD has an account with the logon HTTP/
machine1.mydomain.com@mydomain.com
Is this correct ?
Our WebLogic instance has the keytab of machine1 as a parameter, but is
not able to allow automatic login for users.
We only managed to make it work with an SPN of HTTP/
machine2.mydomain.com@mydomain.com and accesing the URL exposed by
machine2, but this is not what we want.
Thank you in advance for any advice about what we might be missing.
Regards,
Adrian
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
