USER MANUALS

Kerberos Configuration

This tab allows you to configure the Information Self-Service Tool to use Kerberos to authenticate the users with Virtual DataPort by using Single Sign On, which means that the Information Self-Service Tool users will not have to provide their credentials.

Before configuring Kerberos in the Information Self-Service Tool, you need to configure the Kerberos authentication in the Virtual DataPort servers to which the Information Self-Service Tool is going to authenticate its users. To do that, follow the instructions of the postinstallation task Setting-up Kerberos Authentication in the Information Self-Service Tool of the Installation Guide and then, the instructions of the section Kerberos Authentication of the Virtual DataPort Administration Guide.

Finally, set-up the Kerberos authentication in the Information Self-Service Tool. In the wizard to do it (see figure below), provide the following details:

Kerberos configuration dialog

Kerberos configuration dialog

  1. Select Use Kerberos.

  2. In the box Server Principal enter the “Service Principal Name” (SPN) used to create the keytab file. That is, the SPN with the Fully Qualified Domain Name (FQDN) of the server where the Information Self Service Tool is running. For example, “HTTP/denodo-prod.subnet1.contoso.com@CONTOSO.COM”.

  3. In the box Keytab file enter the path to the keytab file.

  4. Leave the Kerberos configuration file box empty unless the host where this Information Self-Service Tool runs does not belong to a Kerberos realm (e.g. a Windows Active Directory domain). If this host does not belong to a Kerberos realm, do one of the following:

    1. Enter the path to the krb5.conf or krb5.ini file with the Kerberos settings.

    2. Or follow the steps described in the appendix Using Kerberos Authentication in Virtual DataPort Without Joining a Kerberos Realm of the Installation Guide.

  5. We recommend selecting the check box Activate Kerberos debug mode the first time you set up Kerberos in case you run into any issues. Once Kerberos has been set up, disable this.

    When this option is enabled, check the appendix How to Debug Kerberos in Web Applications of the Installation Guide to learn how to see the debug information.

Then, restart the Information Self-Service Tool to have these changes take effect. The next time you launch the tool (and if everything is correctly configured) you will see a new dialog in the login screen (Single Sign On Login) to authenticate by using Single Sign On (you cannot use Kerberos along with login and password) against the chosen VDP server. In order to succeed, it is necessary that the URL in the browser points to the FQDN configured in previous steps (for instance, http://host1.subnet1.contoso.com/…).

Single Sign On Login

Single Sign On Login

Add feedback