How do I get the WDSSO authentication module to work in AM 6.x with the IBM Kerberos implementation?
The purpose of this article is to provide information on getting the Windows Desktop SSO (WDSSO) authentication module to work in AM using the IBM® Kerberos™ implementation. This applies when you have deployed AM on IBM WebSphere® and are using the IBM JVM.
Enabling the IBM Kerberos implementation
The WDSSO authentication module uses the Oracle® Kerberos implementation by default. If you are using the IBM JVM, you must enable the IBM Kerberos implementation to allow the WDSSO authentication module to function correctly.
Note
When enabling the IBM Kerberos implementation via the AM admin UI or ssoadm, you will get a warning about unidentified property or invalid property; you can ignore this warning as the property is still added successfully.
You can enable the IBM Kerberos implementation using either the AM admin UI or ssoadm:
- AM admin UI: navigate to Configure > Server Defaults > Advanced and add the following property and value:
  com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule = com.ibm.security.auth.module.Krb5LoginModule
  Once you have entered the property and value, click + to add, followed by Save Changes.
- ssoadm: enter the following command:
  $ ./ssoadm update-server-cfg -s default -u [adminID] -f [passwordfile] -a com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule=com.ibm.security.auth.module.Krb5LoginModule
  replacing [adminID] and [passwordfile] with appropriate values.
Adding this property to the Server Defaults ensures it will be inherited by any AM server sharing the same configuration store.
Note
You must restart the web application container in which AM runs to apply these configuration changes.
See Also
How do I set up Kerberos authentication in AM (All versions)?
OpenAM Windows Desktop SSO deep dive – part 1
How do I set up the WDSSO authentication module in AM (All versions) in a load balanced environment?
How do I specify multiple Kerberos servers in AM (All versions) for failover purposes?
Configuring and troubleshooting Kerberos and WDSSO in AM
Windows Desktop SSO Authentication Module