Tying an authentication mechanism to an authentication level can be very useful when writing security policy in ISAM. For example you might want a password based authentication (Such as Basic Auth or Forms Auth) to map to level 1, whilst you might hold a federated identity, or something achieved through another EAI to have a... Continue Reading →
My colleague has posted an in depth set of articles on IBM DeveloperWorks for Kerberos configuration with ISAM. It covers both Kerberos integration's, being Desktop SSO with Kerberos into ISAM, and junctioning to servers using Kerberos for Junction SSO. The article is available here: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/W746177d414b9_4c5f_9095_5b8657ff8e9d/page/Information%20and%20Guides%20for%20Kerberos%20SSO
If you want to use desktop SSO and use a fallback to Forms based authentication when that fails, you need to make sure you have a few settings right: (Assuming you have all the desktop SSO configured properly.) Under the [server] stanza, set the order of the authentication mechanisms. auth-challenge-type = spnego, forms We need... Continue Reading →
Have been trying for 24hrs now to configure Desktop SSO for WebSEAL (TAMeb). After having no issues on my VM, doing it in the customers environment proved strangely difficult. After trying to run: /usr/krb5/bin/kinit user@DOMAIN.COM Even after fixing the time servers, I continued to get the message: Unable to obtain initial credentials. Status 0x96c73a25... Continue Reading →
Philip Nye 