sso authentication via a physical load-balancer towards a WebLogic server

Adi Leica adileica at gmail.com
Sun Nov 29 18:20:08 EST 2015


Hello Kerberos Community.


At the organisation where I work we are trying to achieve SSO
authentication using the Kerberos mechanism on the following setup:

- physical load-balancer (machine1) receiving incoming http sessions,
but redirecting the traffic to a WebLogic Server (machine2).


The application deployed on the WLS instance is the one expected to allow
or disallow a user to login, but the exposed URL is the one of the frontend
Load Balancer.

The Service Account in MS AD has an account with the logon
HTTP/machine1.mydomain.com@mydomain.com

Is this correct?
Our WebLogic instance has the keytab of machine1 as a parameter, but is
not able to allow automatic login for users.

We only managed to make it work with an SPN of
HTTP/machine2.mydomain.com@mydomain.com and accessing the URL exposed by
machine2, but this is not what we want.


Thank you in advance for any advice about what we might be missing.


Regards,
Adrian

