Fastpath:
Understanding SSO with
Kerberos
Important: Before you configure SSO, make sure you have a migration strategy for your existing Jive users. Implementing SSO without migrating your users to your new authentication provider will orphan existing user accounts, so users can't access their community content.
Setting Up Kerberos SSO
- Service Principal
- The service principal used to communicate with the KDC and validate any user tickets passed to Jive. Typically, the Service Principal value is the user name for an account.
- Realm
- The realm for the service principal account user name you specified.
- (KDC) Key Distribution Center
- The hostname for the key distribution center. You may not need to provide this information if the realm already resolves to the KDC.
- Password
- Specifies the password for the service principal account user name you specified.
Advanced Settings
The following settings on the Advanced tab control some less commonly used SSO configurations.
- Debug Mode
- Enable to provide detailed logging for troubleshooting authentication problems. You
should disable this setting in production.
- Use Keytab for Authentication
- Enable to specify a keytab file as an alternate credentialing method. To upload your keytab file, you need to Base64-encode it and paste it into the text box provided.
- Use KRB Configuration File
- Enable to specify a krb5.conf file. Then paste the file contents into the text box provided.