UC_KDC_SETTINGS - Single Sign-On
Variable for configuring the KDC single sign-on mechanism.
|
Key |
Value1 |
Restart necessary |
|---|---|---|
|
Fully-qualified domain of the OS user |
Department of the Automation Engine system's user |
No |
| KEYTAB | Path and file name of the keytab file | Yes |
| HTTP | Name of the host where the web interface is installed | Yes |
Description
To be able to log in via KDC (Key Distribution Center) single sign-on to the Automation Engine system, you need to configure the system variable UC_KDC_SETTINGS accordingly.
This variable is available in client 0000 and must be modified here. You cannot transfer it to any other client because its settings apply to the entire system.
The following three definitions are required:
- Specify the domain
The OS users used for authentication are searched via the Automation Engine users. If the Automation Engine client contains one or more users of the same name but a different department, each of these departments must be assigned to a domain in the variable. Assign the fully-qualified domain name of the OS user (Key column) to the AE user's department (Value1 column). - Specify the keytab file
Authentication in single sign-on mode is made through the keytab file.This value is therefore mandatory.
Specify the value "KEYTAB" in the Key column of the Variable object and the key tab file in the column "Value 1".
- Specify HTTP as the Service Principal Name (SPN)
The SPN name must be entered in this variable by using the "HTTP" key. If several AWI/ARA installations are available for an Automation Engine system, then you can add other names separated by a semi colon.
See the full instructions for setting up single sign-on in the Installation Guide.
Also see: