Configuring Kerberos Authentication
Perform the following high-level steps to enable single sign-on for My webMethods Server with Windows Integrated Authentication and Kerberos:
1. Configure Active Directory, and the Windows Server that hosts Active Directory as the KDC for Kerberos authentication
2. Configure a directory service for the Active Directory, and Kerberos authentication in My webMethods Server
3. Configure web clients for single sign-on with Kerberos.
If authenticating a request using SSO with Kerberos fails, for example, because an exception occurs when processing the Kerberos token, My webMethods Server uses the default forms authentication scheme and redirects unauthorized requests to the login page. If you change the default authentication scheme or the target page for unauthorized requests, My webMethods Server uses the new default scheme, or page.
When your environment includes multiple web clients, you can configure only specific clients to use Kerberos authentication. Unconfigured web clients display a blank page when the Kerberos authentication scheme is used for logging in to My webMethods Server. In this case, users can refresh the web clients to use the default authentication scheme and log in using the login page.