How do I get the WDSSO authentication module to work in AM 6.x with the IBM Kerberos implementation?

Last updated Jan 12, 2023

The purpose of this article is to provide information on getting the Windows Desktop SSO (WDSSO) authentication module to work in AM using the IBM® Kerberos™ implementation. This applies when you have deployed AM on IBM WebSphere® and are using the IBM JVM.

1 reader recommends this article

Enabling the IBM Kerberos implementation

The WDSSO authentication module uses the Oracle® Kerberos implementation by default. If you are using the IBM JVM, you must enable the IBM Kerberos implementation to allow the WDSSO authentication module to function correctly.

Note

When enabling the IBM Kerberos implementation via the AM admin UI or ssoadm, you will get a warning about unidentified property or invalid property; you can ignore this warning as the property is still added successfully.

You can enable the IBM Kerberos implementation using either the AM admin UI or ssoadm:

AM admin UI: navigate to: Configure > Server Defaults > Advanced and add the following property and value: com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule = com.ibm.security.auth.module.Krb5LoginModuleOnce you have entered the property and value, click + to add followed by Save Changes.
ssoadm: enter the following command: $ ./ssoadm update-server-cfg -s default -u [adminID] -f [passwordfile] -a com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule=com.ibm.security.auth.module.Krb5LoginModulereplacing [adminID] and [passwordfile] with appropriate values.

Adding this property to the Server Defaults ensures it will be inherited by any AM server sharing the same configuration store.

Note

You must restart the web application container in which AM runs to apply these configuration changes.

Related Training

N/A

Related Issue Tracker IDs

N/A

Enabling the IBM Kerberos implementation

Note

Note

See Also

Related Training

Related Issue Tracker IDs