Managing Master Data with webMethods OneData 10.5 | Managing Master Data with webMethods OneData | Administering webMethods OneData | Configuring Security | Single Sign On (SSO) | Setting up the Windows Server and Active Directory
Setting up the Windows Server and Active Directory
Use this procedure to configure Active Directory (KDC) for Integrated Windows authentication using the RC4 encryption algorithm. In the same procedure, you can replace RC4 with any encryption algorithm of choice.
1. In the Active Directory management console:
a. To enable RC4 Kerberos encryption, ensure that the OneData users do not have any type of encryption selected.
b. Create a new client user group.
This is the unique client user group assigned to the OneData users who need to log in to OneData using SSO with Kerberos authentication.
c. Add the OneData users to the client user group.
Tip: The name of the client user role should be the same as the name configured in the OneData web.xml security constraint.
d. Create a new server user.
This user connects to the Key Distribution Center (KDC) from the Windows Server.
2. On the Windows Server machine, create a keytab file and a Service Principal Name (SPN) for the machine where OneData is installed as follows:
ktpass -out <Keytab_File_Name>.keytab -princ
HTTP/<FQDN_of_OneData_Server_Machine>@<Domain_Name> -mapUser
<Server_Username>@<Domain_Name> -mapOp set -pass
<Server_User_Password> -crypto all -ptype
Note: Ensure that you only create one SPN for each user.
ktpass -out SERVER_USER.keytab -princ
SERVER_USER@DEV.RNDLAB.LOC -mapOp set -pass SERVER_USERPASS -crypto all -pType
3. Copy the keytab file to any preferred location on the Windows machine where OneData is installed.
Tip: Make note of the absolute path of the keytab file location.

Copyright © 2011-2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.