Administering the Community / Setting Up Single Sign-On
Parent topic: Setting Up Single Sign-On

Understanding SSO with Kerberos

When you implement single sign-on (SSO) with Kerberos, LDAP handles all the authorization and user synchronization, while Kerberos handles authentication.

Note: Kerberos is only supported with on-premise installations of Jive. It is not available for Jive-hosted communities.

Kerberos is an authentication protocol that is meant to be used in conjunction with an LDAP-enabled instance. LDAP handles all authorization and user synchronization, while Kerberos handles authentication. On Windows and Mac machines that are joined to an Active Directory domain, users can seamlessly log into Jive without entering a username or password, or even seeing a login screen. Users who are not logged into the domain on their computers will still see a standard login form. Because authentication uses a single token passed from the operating systems, no redirect is required. The token is verified against the configured Key Domain Controller (KDC), and if it's valid, the user is logged in.

Communication with the KDC typically uses the standard service principal string and password. However, you can also specify a keytab and krb5.conf file.

Parent topic: Setting Up Single Sign-On

Powered by Jive Software
© 1999-2018 Jive Software. All rights reserved. Follow us on Twitter @JiveSoftware