Access Manager Windows Desktop SSO
By Ashok Anumandla on May 08, 2008
Configuring Windows Desktop SSO in Access Manager is simple and easy, the technology is also simple, basically user presents the Kerberos token to the Access Manager through the SPNEGO protocol to perform Kerberos based SSO to Access Manager. But often configuring WindowsDesktopSSO takes more time than expected. So, here are the few things that needs to be remembered or aware of to configure Windows Desktop SSO.
- Make sure Active Directory is setup properly, because sometimes i have seen Active Directory not letting users to bind unless the user is part of administrator group. So, first, make sure end users can authenticate to AD without any problems. Making sure AD configured properly is very important.
- Access Manager and Active Directory systems clocks should be synchronized.
- Most of the Active Directory environments has multiple domain controllers, so, make sure ktpass run on the Primary Domain Controller, also make sure no typos.
- Access Manager and Domain Controller must have correct DNS entries, both forward and reverse DNS lookup should work.
- Make sure browser supports the SPEGO protocol, and user should be authenticated against domain controller to login to their Desktop.
- Restart the Access Manager after configuring desktop SSO authentication module.
- Enable Access Manager debug logs to troubleshoot the problem by checking amAuth and amAuthWindowsDesktopSSO log files.