[keycloak-user] keycloak-user Digest, Vol 54, Issue 41
Otaño Pavo, Cesar
c.otano at ibermatica.com
Wed Jun 27 02:37:08 EDT 2018
Hi Dominique,
There is an error in the description of the ktpass command.
the command is really: ktpass -out c:\keycloak.keytab -princ HTTPS/facultativoskeycloak.sanbox.local at SANBOX.LOCAL -mapUser Keycloak at SANBOX.LOCAL -pass XXXXX -kvno 0 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT
Regards
------------------------------
Message: 5
Date: Tue, 26 Jun 2018 12:46:01 +0000
From: Dominique ARNOU <dominique.arnou at cnieg.fr>
Subject: Re: [keycloak-user] Kerberos authentication in Windows
To: Ota?o Pavo, Cesar <c.otano at ibermatica.com>,
"keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Message-ID:
<DB6PR07MB323955D8C4121CCE0FFC686686490 at DB6PR07MB3239.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi
Your server principal would be HTTP/facultativoskeycloak.sanbox.local at SANBOX.LOCAL, not HTTPS/...
Dominique
-----Message d'origine-----
De?: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] De la part de Ota?o Pavo, Cesar
Envoy??: mardi 26 juin 2018 14:13
??: keycloak-user at lists.jboss.org
Objet?: [keycloak-user] Kerberos authentication in Windows
Hi,
I'm trying to set up user authentication mechanism for my website using Keycloak and Kerberos protocol. I have followed instructions from here: http://matthewcasperson.blogspot.com/2015/07/authenticating-via-kerberos-with.html
In Keycloak configuration menu I have changed Authentication Flow for Browser Kerberos from alternative to required. settings<http://i.imgur.com/hgAnHJJ.png>.
But after that when I'm going to my web page I got message "Kerberos is not set up. You cannot login."
Aditional information:
? Keycloak is installed in Windows Server 2012.
? Command to create keytabfile:
ktpass -out c:\keycloak.keytab -princ HTTP/facultativoskeycloak.sanbox.local at SANBOX.LOCAL -mapUser Keycloak at SANBOX.LOCAL -pass XXXXX -kvno 0 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT
? Configuration KRB5.ini located in c:\windows
[domain_realm]
.sanbox.local = SANBOX.LOCAL
sanbox.local = SANBOX.LOCAL
[libdefaults]
default_realm = SANBOX.LOCAL
permitted_enctypes = aes128-cts aes256-cts arcfour-hmac-md5
default_tgs_enctypes = aes128-cts aes256-cts arcfour-hmac-md5
default_tkt_enctypes = aes128-cts aes256-cts arcfour-hmac-md5
[realms]
SANBOX.LOCAL = {
kdc = sb-ad.sanbox.local
admin_server = sb-ad.sanbox.local
default_domain = SANBOX.LOCAL
}
? Kerberos Integration:
Allow Kerberos authentication: YES
Kerberos Realm SANBOX.LOCAL
Server Principal HTTPS/facultativoskeycloak.sanbox.local at SANBOX.LOCAL
KeyTab C:/keycloak.keytab
Debug YES
Use Kerberos For Password Authentication YES
Regards
Cesar
AVISO LEGAL
El contenido de este mensaje de correo electrónico, incluidos los ficheros adjuntos, es confidencial y está protegido por el secreto de las comunicaciones. Si usted recibe este mensaje por error, por favor notifique dicha circunstancia al remitente, borre el mensaje y no use, guarde, divulgue o copie su contenido.
LEGAL NOTICE
The contents of this email transmission and of any attached documents are confidential and are protected by the secrecy of correspondence. If you have received this message in error, please notify the sender and delete this message without using, storing, disclosing or copying its contents.
More information about the keycloak-user
mailing list