Configuring My webMethods Server for Kerberos Authentication

Use the following procedure to configure My webMethods Server for Kerberos authentication.

To configure My webMethods Server for Kerberos authentication

1. Log in to My webMethods Server as Administrator and configure LDAP for the Active Directory configured for Kerberos authentication server or create client user accounts in My webMethods Server. Even the user account for the Windows server machine must be included in LDAP or My webMethods Server user accounts.

For information about configuring LDAP, see Configuring an External LDAP, ADSI, or ADAM Directory Service.

2. Edit and save the Software AG_directory \profiles\MWS_default\configuration\jaas.conf file to include the code below to the end of the file:

spnego-server{
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
principal="HTTP/<FQDN_of_Active_Directory_Server>"
useKeyTab=true
keyTab="<Keytab_file_absolute_path>"
storeKey=true
isInitiator=false
debug=false;
};

3. Edit and save the Software AG_directory \profiles\MWS_default\configuration\custom_wrapper.conf file to include the properties mentioned below:

wrapper.java.additional.602=-Dsun.security.krb5.debug=false
wrapper.java.additional.603=-Djavax.security.auth.
useSubjectCredsOnly=false

4. Restart My webMethods Server.

5. Log in to My webMethods Server as system administrator.

6. Navigate to Configuration > KerberosAuthentication Administration and provide the appropriate values for the Realm (specify all the machines managed by KDC) and the KDC server.

7. Navigate to Configuration > Alias Management and change the default authentication scheme for My webMethods Server to Kerberos. For instructions, see Specifying a Default Authentication Scheme.

8. Restart My webMethods Server.