How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I get the WDSSO authentication module to work in AM 5.x or 6.x with the IBM Kerberos implementation?

Last updated Jun 2, 2021

The purpose of this article is to provide information on getting the Windows Desktop SSO (WDSSO) authentication module to work in AM using the IBM® Kerberos™ implementation. This applies when you have deployed AM on IBM WebSphere® and are using the IBM JVM.



Enabling the IBM Kerberos implementation

The WDSSO authentication module uses the Oracle® Kerberos implementation by default. If you are using the IBM JVM, you must enable the IBM Kerberos implementation to allow the WDSSO authentication module to function correctly.

Note

When enabling the IBM Kerberos implementation via the console or ssoadm, you will get a warning about unidentified property or invalid property; you can ignore this warning as the property is still added successfully.

You can enable the IBM Kerberos implementation using either the console or ssoadm:

  • Console: navigate to Configure > Server Defaults > Advanced and add the following property and value:
    com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule = com.ibm.security.auth.module.Krb5LoginModule
    Once you have entered the property and value, click + to add followed by Save Changes.
  • ssoadm: enter the following command:
    $ ./ssoadm update-server-cfg -s default -u [adminID] -f [passwordfile] -a com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule=com.ibm.security.auth.module.Krb5LoginModule
    replacing [adminID] and [passwordfile] with appropriate values.

Adding this property to the Server Defaults ensures it will be inherited by any AM server sharing the same configuration store.

Note

You must restart the web application container in which AM runs to apply these configuration changes.
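
Because the console and ssoadm show an unidentified or invalid property warning even when the property is added successfully, the warning cannot be used to confirm the entry. The following check is an added example, not ForgeRock code: it assumes the server defaults are available as key=value lines (for instance, saved from an export), and the function name check_wdsso_krb5 and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ForgeRock code). Property name and class are from the article.
PROP='com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule'
IBM_CLASS='com.ibm.security.auth.module.Krb5LoginModule'

# check_wdsso_krb5: read key=value lines on stdin (assumed export format) and
# print a verdict. Returns 0 only when PROP is set to exactly IBM_CLASS.
check_wdsso_krb5() {
    awk -v key="$PROP" -v want="$IBM_CLASS" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            i = index($0, "=")
            if (i == 0) next                     # not a key=value line
            k = substr($0, 1, i - 1)
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)     # trim blanks and CR
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { found = 1; val = v } # last occurrence wins
            else if (index(tolower(k), "krb5loginmodule")) near = k
        }
        END {
            if (found && val == want) { print "OK: IBM Krb5LoginModule configured"; exit 0 }
            if (found) { print "MISMATCH: unexpected value: " val; exit 1 }
            if (near != "") { print "MISSING: property not set, similar key present: " near; exit 1 }
            print "MISSING: property not set, AM uses the Oracle implementation"
            exit 1
        }'
}

# Constructed sample input; example.* keys are placeholders, not real AM properties.
SAMPLE_CFG="# constructed server-defaults export
example.placeholder.one=value1
$PROP=$IBM_CLASS
example.placeholder.two=value2"

printf '%s\n' "$SAMPLE_CFG" | check_wdsso_krb5
```

A MISMATCH or MISSING verdict means the WDSSO module is not set to load the IBM class, for example because trailing text was pasted into the value or the property key was mistyped.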

See Also

How do I set up Kerberos authentication in AM (All versions)?

OpenAM Windows Desktop SSO deep dive – part 1

How do I set up the WDSSO authentication module in AM (All versions) in a load balanced environment?

How do I specify multiple Kerberos servers in AM (All versions) for failover purposes?

Configuring and troubleshooting WDSSO in AM

Authentication and Single Sign-On Guide › Windows Desktop SSO Authentication Module



Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.