You can configure Kerberos as required.
Properties that are highlighted as cross-tenant properties can be changed only by using the ARIS Cloud Controller (ACC) command-line tool. To change such a setting, enter the following:
reconfigure umcadmin_<size of your installation, s, m, or l> JAVA-D<property name>="<value>"
Example
reconfigure umcadmin_m JAVA-Dcom.aris.umc.loadbalancer.url="https://myserver.com"
General
Key | Description |
---|---|
com.aris.umc.kerberos.active | Use Kerberos: Specifies whether a Kerberos-based login is allowed. Valid input: true, false |
com.aris.umc.kerberos.kdc | KDC: Specifies the fully qualified name of the central Key Distribution Center (KDC). This is usually the fully qualified host name of the LDAP server. Valid input: String. Example: mykdc.mydomain.com |
com.aris.umc.kerberos.realm | Realm: Specifies the realm of Kerberos tickets. Fully qualified domain name in uppercase letters. Valid input: String. Example: MY.CORP.SOFTWAREAG.COM |
com.aris.umc.kerberos.servicePrincipalName | Principal: Specifies the name of the technical user used for verifying Kerberos tickets. If Kerberos is used, each user, computer or service provided by a server must be defined as a principal. Valid input: String. Example: MyLogin |
com.aris.umc.kerberos.keyTab | Key table: Specifies the location of the keytab file that is used for Kerberos tickets. The file can be uploaded directly. Valid input: String. Example: C:/safePlace/krb-umc.keytab |
com.aris.umc.kerberos.config | Configuration file: Storage location of the configuration file for Kerberos. The file can be uploaded directly. Valid input: String. Example: ./config/Kerberos/krb5.conf |
Advanced settings
Key | Description |
---|---|
com.aris.umc.kerberos.debug | Debug output: Specifies whether debug output is allowed for Kerberos operations. Valid input: true, false |
com.aris.umc.kerberos.allowLocalUsers | Allow local users: Specifies whether the LDAP connection is mandatory for Kerberos-based login. If this option is enabled, Kerberos is also used for the login of local users. Valid input: true, false |
com.aris.umc.kerberos.validateuser | Ignore realm from service ticket: Specifies whether or not the realm defined for the user principal name provided in the Kerberos ticket is to be ignored. The default value is false. Valid input: true, false |
com.aris.umc.kerberos.tenant. | Default tenant: Specifies the default tenant for a Kerberos-based login. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. Valid input: true, false |
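
The valid inputs listed in the two tables can be checked before a configuration is applied. The following pre-flight check is an added example, not part of the ARIS documentation or tooling: the function name, the severity labels and the rule that the five location and name keys should be set once Kerberos is active are assumptions of this example, and the sample values are constructed.

```python
import re

PREFIX = "com.aris.umc.kerberos."
BOOL_KEYS = ("active", "debug", "allowLocalUsers", "validateuser")
# Assumption of this example: these should all be set once Kerberos is active.
EXPECTED_WHEN_ACTIVE = ("kdc", "realm", "servicePrincipalName", "keyTab", "config")
FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def check_kerberos_settings(props):
    """Return (severity, key, message) findings for a dict of UMC properties."""
    findings = []
    def get(name):
        return str(props.get(PREFIX + name, "")).strip()
    def report(severity, name, message):
        findings.append((severity, PREFIX + name, message))

    for name in BOOL_KEYS:
        if get(name) not in ("", "true", "false"):
            report("error", name, "valid input is true or false")
    if get("active") != "true":
        return findings  # Kerberos login is off; remaining keys are not checked
    for name in EXPECTED_WHEN_ACTIVE:
        if not get(name):
            report("warn", name, "not set although Kerberos is active")
    if get("kdc") and not FQDN.match(get("kdc")):
        report("error", "kdc", "expected a fully qualified host name")
    realm = get("realm")
    if realm and not (FQDN.match(realm) and realm == realm.upper()):
        report("error", "realm", "expected an uppercase fully qualified domain name")
    if get("debug") == "true":
        report("warn", "debug", "debug output is on; switch off after troubleshooting")
    if get("allowLocalUsers") == "true":
        report("warn", "allowLocalUsers", "Kerberos login also applies to local users")
    return findings

# Constructed sample values, not taken from a real installation.
SAMPLE = {
    PREFIX + "active": "true",
    PREFIX + "kdc": "mykdc",                       # not fully qualified
    PREFIX + "realm": "my.corp.softwareag.com",    # not uppercase
    PREFIX + "servicePrincipalName": "MyLogin",
    PREFIX + "keyTab": "C:/safePlace/krb-umc.keytab",
    PREFIX + "config": "./config/Kerberos/krb5.conf",
    PREFIX + "debug": "yes",                       # not true/false
}

if __name__ == "__main__":
    for severity, key, message in check_kerberos_settings(SAMPLE):
        print(f"{severity:5} {key}: {message}")
```
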