Administration Guide > Configuration > Settings in Variables > UC_KDC_SETTINGS - Single Sign-On

UC_KDC_SETTINGS - Single Sign-On

Variable for configuring the KDC  Single Sign-on mechanism.

Key

Value1

Restart necessary

Fully-qualified domain of the OS user

Department of the Automation Engine system's user

No
KEYTAB Path and file name of the keytab file Yes
HTTP Name of the host the web interface is installed upon. Yes

Description

Logging in via KDC (Key Distribution Center) Single Sign-on to the Automation Engine system requires a suitable configurationA set of constituent components that make up a system. This includes information on how the components are connected including the settings applied. via the variable object UC_KDC_SETTINGS.

The full instructions for Setting up Single Sign-On can be found in the Administrator Guide.

The variable is located in client 0000 and must be modified there. Transfer to another client is not possible since the settings apply to the entire system.

The following three definitions must be implemented in this variable:

  1. Specify keytab file
    Authentication is performed in Single Sign-on mode using the Keytab file. This value is therefore mandatory.
    Define a variable item using the "KEYTAB" key. Enter the path and name of the Keytab file in the associated value column.
  2. Specify domain
    The operating system users, which are for authentication, are searched for via Automation Engine users. If the Automation Engine client contains one or more users with the same name but a different departmentDepartment name to which the Automation Engine user belongs., a corresponding assignment must be defined via the variable object. The fully-qualified domain name of the operating system user (Key column) must be assigned to the AE user's department (Value1 column).
  3. Specify HTTP as Service Principal Name
    In order to implement Single Sign-on for web applications (such as Enterprise Control Center or Application Release Automation), a keytab file with HTTP as Service Principal Name is required.
    The SPN name must also be entered in this variable using the "HTTP" key. If several ECC/ARA installations are available for an Automation Engine system, then other names separated by a semi colon can be added. For details refer to the Setting up Single Sign-on page.

 

Also see:

Tabular Overview of all Variables
Variable