[keycloak-user] Understanding "Server Principal" in Kerberos setup
mj
lists at merit.unu.edu
Thu Jul 6 17:15:51 EDT 2017
Hi,
I can only say that what I did, is add
"HTTP/keycloak.some.domain.com" to the AD account.
After exporting, the principal looks like:
HTTP/keycloak.some.domain.com at WHATEVER.ELSE.COM
I'm not sure if the upper case REALM matters.
Hope that helps,
MJ
On 07/06/2017 07:19 PM, Malte Finsterwalder wrote:
> Hi there,
>
> I'm trying to set up Keycloak to use Kerberos with Active Directory.
> But I'm not sure, I understand the Server Principal correctly.
>
> Keycloak is running on a server, that is reachable under
> keycloak.some.domain.com
> The Kerberos Realm is whatever.else.com
>
> So is the Server Principal correctly specified as:
>
> HTTP/keycloak.some.domain.com at whatever.else.com
>
> Or more general HTTP/<CLIENT HOST>@<Kerberos Realm>
>
> And is <Kerberos Realm> in the Server Principal always the same as stated
> in "Kerberos Realm" in the admin ui?
>
> And does case matter anywhere?
>
> Greetings,
> Malte
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list