How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I get the WDSSO authentication module to work in AM 6.x with the IBM Kerberos implementation?

Last updated Jan 12, 2023

The purpose of this article is to provide information on getting the Windows Desktop SSO (WDSSO) authentication module to work in AM using the IBM® Kerberos™ implementation. This applies when you have deployed AM on IBM WebSphere® and are using the IBM JVM.

1 reader recommends this article

Enabling the IBM Kerberos implementation

The WDSSO authentication module uses the Oracle® Kerberos implementation by default. If you are using the IBM JVM, you must enable the IBM Kerberos implementation to allow the WDSSO authentication module to function correctly.


When enabling the IBM Kerberos implementation via the AM admin UI or ssoadm, you will get a warning about unidentified property or invalid property; you can ignore this warning as the property is still added successfully.

You can enable the IBM Kerberos implementation using either the AM admin UI or ssoadm:

  • AM admin UI: navigate to: Configure > Server Defaults > Advanced and add the following property and value: com.sun.identity.authentication.module.WindowsDesktopSSO.Krb5LoginModule = you have entered the property and value, click + to add followed by Save Changes.
  • ssoadm: enter the following command: $ ./ssoadm update-server-cfg -s default -u [adminID] -f [passwordfile] -a [adminID] and [passwordfile] with appropriate values.

Adding this property to the Server Defaults ensures it will be inherited by any AM server sharing the same configuration store.


You must restart the web application container in which AM runs to apply these configuration changes.

See Also

How do I set up Kerberos authentication in AM (All versions)?

OpenAM Windows Desktop SSO deep dive – part 1

How do I set up the WDSSO authentication module in AM (All versions) in a load balanced environment?

How do I specify multiple Kerberos servers in AM (All versions) for failover purposes?

Configuring and troubleshooting Kerberos and WDSSO in AM

Windows Desktop SSO Authentication Module

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.