The source code for this tutorial can be found here: (use branch rhblog) and here (use branch rhblog).

Architecture

Figure 1 shows the architecture used in this example, where 3 hosts are being used:

Workstation: Contains the kinit client for user authentication to Active Directory and the browser for accessing the secured web application.
: A Red Hat OpenShift cluster containing Red Hat's SSO with a kinit client and the secured web application.
sso-demo.local: A Windows Server with Active Directory and KDC.

Figure 1: Architecture with three hosts.

In this example, the user, at some point before trying to access the web app, obtains a TGT using kinit on the workstation to authenticate to Active Directory. When accessing the web application from the browser, the TGT is used to obtain an ST from the TGS to authenticate to Red Hat's SSO. The secured web application and Red Hat's SSO with a kinit client are both deployed on OpenShift within the domain. The Windows Server contains Active Directory and the KDC in the domain sso-demo.local.

Create a user in Active Directory

Active Directory Domain Services are required for default Kerberos implementations within the domain or forest. The KDC is integrated with Windows Server security services that run on the domain controller. The KDC uses the domain's Active Directory Domain Services database as its security account database. In this example, I'm using the domain sso-demo.local. A local user called adminuser will be used to authenticate to Active Directory from the workstation later. Figure 2 shows how to create a user in Active Directory.

In order for clients on the workstation and on OpenShift to access the KDC, the firewall protecting the Windows Server where Active Directory is deployed needs to allow UDP requests to the port the KDC is running on. (The default is port 88; other ports may be specified in the KDC's kdc.conf file.)
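To confirm the firewall rule for the KDC port described above, the following added example (not part of the original tutorial or its source repositories) sends one minimal Kerberos AS-REQ over UDP and reports whether the KDC answered. Any reply, including a KRB-ERROR, shows that UDP traffic reaches the KDC, while `None` means nothing came back. The realm `SSO-DEMO.LOCAL` (the page's domain, upper-cased) and the placeholder host name are assumptions.

```python
import socket

def tlv(tag, body):
    """DER tag-length-value with short or long-form length."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(v):                      # non-negative INTEGER
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def ctx(n, body):                    # explicit context tag [n]
    return tlv(0xA0 | n, body)

def gstr(s):                         # KerberosString (GeneralString)
    return tlv(0x1B, s.encode("ascii"))

def principal(name_type, *parts):
    names = tlv(0x30, b"".join(gstr(p) for p in parts))
    return tlv(0x30, ctx(0, der_int(name_type)) + ctx(1, names))

def build_as_req(user, realm, nonce=0x12345678):
    """Minimal RFC 4120 AS-REQ without pre-authentication data."""
    body = tlv(0x30,
        ctx(0, tlv(0x03, bytes(5)))                      # kdc-options: none set
        + ctx(1, principal(1, user))                     # cname, NT-PRINCIPAL
        + ctx(2, gstr(realm))
        + ctx(3, principal(2, "krbtgt", realm))          # sname, NT-SRV-INST
        + ctx(5, tlv(0x18, b"20370913024805Z"))          # till
        + ctx(7, der_int(nonce))
        + ctx(8, tlv(0x30, der_int(18) + der_int(17))))  # AES256, AES128
    req = ctx(1, der_int(5)) + ctx(2, der_int(10)) + ctx(4, body)
    return tlv(0x6A, tlv(0x30, req))                     # [APPLICATION 10]

REPLY_TAGS = {0x6B: "AS-REP", 0x7E: "KRB-ERROR"}

# Assumption: the realm is the page's domain in upper case.
def probe_kdc(host, port=88, user="adminuser", realm="SSO-DEMO.LOCAL", timeout=3.0):
    """Return the KDC reply type, or None if nothing came back over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_as_req(user, realm), (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:              # timeout, ICMP unreachable, DNS failure
            return None
    return REPLY_TAGS.get(data[0], "unexpected") if data else "unexpected"

if __name__ == "__main__":
    print(probe_kdc("kdc.example.invalid"))  # placeholder host, not from the page
```

Run it once from the workstation and once from a pod on OpenShift, since both paths must pass the firewall.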