Kerberos Authentication on IAG

Newbie022733 Lv1Posted 13 Jul 2023 00:24

Hi everyone,
Who can describe the process of integration with Kerberos to authenticate users on IAG?

Newbie517762 has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

HiHi,

Please find the link below for the IAG IWA SSO Configuration Guide for your reference:
Is this answer helpful?
Newbie022733 Lv1Posted 16 Jul 2023 01:14
  
Thank you guys!
Faisal P Posted 14 Jul 2023 00:13
  
Hi,

Integrating Kerberos authentication with Sangfor IAG involves configuring both the Kerberos realm and the IAG settings. Here's a high-level overview of the process:

Prepare the Kerberos environment: Ensure that you have a functioning Kerberos realm with the necessary configuration. This includes a Key Distribution Center (KDC) and a Kerberos database (typically implemented using Microsoft Active Directory).

Configure Kerberos realm settings: In the Kerberos realm configuration, you'll need to define the realm name, KDC server details, and realm-specific settings. This typically involves creating a krb5.conf file with the necessary information.

Configure IAG settings: Access the Sangfor IAG management console and navigate to the authentication settings. Enable the Kerberos authentication method and provide the relevant configuration details, such as the Kerberos realm name, KDC server details, and service principal name (SPN).

Service Principal Name (SPN) configuration: You'll need to create an SPN for the IAG server in the Kerberos realm. This allows the IAG server to authenticate itself to the Kerberos server. The SPN is associated with a specific service on the IAG server, such as HTTP or HTTPS.

Configure browser settings: To enable seamless authentication, you may need to configure browser settings on the client side. This involves adding the IAG server's URL to the list of trusted sites and ensuring that the browser is set to automatically send Kerberos authentication credentials.

Test and validate: Once the configuration is complete, test the integration by accessing a resource through the IAG server. The Kerberos authentication process should authenticate the user transparently without requiring additional login prompts.

Thanks

I Can Help:

Change

Moderator on This Board

1
3
5

Started Topics

Followers

Follow

Board Leaders