# Windows Authentication on the Single Connect GUI
Windows authentication can be used to log in to the Single Connect GUI. The required settings are outlined in this section.

The following terms are used in the configuration steps:

- Domain Controller: DomainControllerFQDN (ex: win-test.singleconnect.com)
- Single Connect Server: SCHostnameFQDN (ex: sc-test.singleconnect.com)
- Domain Name: DomainName (ex: SINGLECONNECT.COM)

## Domain Controller Configuration

The following configurations should be set on the domain controller:

1. Create a user (ex: username: win-auth, password: 123).
2. Create an SPN (Service Principal Name) for this user, using the following command:

   ```
   setspn -a HTTP/SingleServerHostname Username
   ```

   Ex: `setspn -a HTTP/sc-test.singleconnect.com win-auth`
3. Create an "sc.keytab" file using the following command:

   ```
   ktpass /out c:\sc.keytab /mapuser UsernameFQDN /princ HTTP/SCHostnameFQDN@DomainName /pass Password /kvno 0
   ```

   Ex: `ktpass /out c:\sc.keytab /mapuser win-auth@singleconnect.com /princ HTTP/sc-test.singleconnect.com@SINGLECONNECT.COM /pass 123 /kvno 0`

## Single Connect Server Configuration

The following configurations should be set on the Single Connect server:

1. Establish an SSH connection to Single Connect as the pamuser user.
2. Move the "sc.keytab" file under "$CATALINA_BASE/conf/" (the default CATALINA_BASE directory is "/u01/netright-tomcat").
3. Create the "krb5.ini" file in the Tomcat server under "$CATALINA_BASE/conf/" with the following example content:

   ```
   [libdefaults]
   default_realm = SINGLECONNECT.COM
   default_keytab_name = FILE:/u01/netright-tomcat/conf/sc.keytab
   default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
   default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
   forwardable=true

   [realms]
   SINGLECONNECT.COM = {
       kdc = win-test.singleconnect.com:88
   }

   [domain_realm]
   singleconnect.com= SINGLECONNECT.COM
   .singleconnect.com= SINGLECONNECT.COM
   ```
4. Add the following lines at the end of the "$CATALINA_BASE/bin/setenv.sh" file:

   ```
   # Append to the existing CATALINA_OPTS so the second export does not discard the first.
   export CATALINA_OPTS="$CATALINA_OPTS -Djava.security.krb5.conf=/u01/netright-tomcat/conf/krb5.ini"
   export CATALINA_OPTS="$CATALINA_OPTS -Djavax.security.auth.useSubjectCredsOnly=false"
   ```

## Client Browser Configuration

The following configurations should be set on the client's browser. Settings made for Internet Explorer (IE) also apply to the Edge and Chrome browsers.

### For Internet Explorer (IE)

1. Go to Settings > Internet Options > Security.
2. Select Local intranet zone, click the Sites button, check all three options, and click the Advanced button to add the Single Connect server name to this zone. Ex: http://sc-test.singleconnect.com
3. Select Local intranet zone, click the Custom level button, and select "Automatic logon only in Intranet zone".

### For Firefox

1. Type about:config in the address bar, accept the warning, and change the network.negotiate-auth.trusted-uris value to the Single Connect server hostname. Ex: http://sc-test.singleconnect.com

Restart the computer.

Access the application by typing the Single Connect server hostname in the address bar, not the IP address. Ex: http://sc-test.singleconnect.com

## Single Connect GUI Configuration

Add the following parameters in the System Config Manager:

1. Navigate to Administration > System Config Man.
2. Add these parameters:

   ```
   windows.auth.keytab.path = /u01/netright-tomcat/conf/sc.keytab
   windows.auth.spn = HTTP/SingleConnectServerName
   aioc.auth.windows = true
   ```

   Example value for windows.auth.spn: HTTP/sc-test.singleconnect.com
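
A check for the krb5.ini and keytab created in the Single Connect server steps, given here as an added example that is not part of the product or its documentation: it reports RC4/DES-family encryption types still allowed (such as the rc4-hmac entry in the sample krb5.ini) and a keytab that is missing or accessible to group or other. The function names and finding labels are this example's own, and `sample_ini` produces constructed input.

```shell
#!/bin/sh
# Added example (not vendor code): audit the krb5.ini and keytab from this page.
# Usage: sh audit_krb5.sh /u01/netright-tomcat/conf/krb5.ini

# Constructed sample for offline runs: the page's enctype and keytab lines.
sample_ini() {
    printf '%s\n' '[libdefaults]' \
        'default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96' \
        'default_tgs_enctypes = rc4-hmac,aes128-cts-hmac-sha1-96' \
        "default_keytab_name = FILE:$1"
}

# Every enctype named on the default_tkt/tgs_enctypes lines, one per line.
list_enctypes() {
    grep -E '^[[:space:]]*default_(tkt|tgs)_enctypes' "$1" | cut -d= -f2 |
        tr -d '\r' | tr ', ' '\n\n' | grep -v '^$' | sort -u
}

# RC4/DES-family enctypes (deprecated: RFC 6649, RFC 8429); empty if none.
weak_enctypes() {
    list_enctypes "$1" | grep -E -i '^(rc4|arcfour|des)' || true
}

# Keytab path from default_keytab_name, with the FILE: prefix removed.
keytab_path() {
    sed -n 's/^[[:space:]]*default_keytab_name[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d '\r' | sed 's/^[Ff][Ii][Ll][Ee]://' | head -n 1
}

# True only if the keytab exists and grants nothing to group or other.
keytab_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per problem; return 1 if anything was found.
audit_krb5() {
    rc=0
    weak=$(weak_enctypes "$1" | tr '\n' ' ')
    [ -z "$weak" ] || { echo "WEAK-ENCTYPE: $weak"; rc=1; }
    kt=$(keytab_path "$1")
    keytab_is_private "$kt" || { echo "KEYTAB-PERMS: $kt"; rc=1; }
    return $rc
}

if [ "$#" -gt 0 ]; then audit_krb5 "$1" || exit 1; fi
```

Removing rc4-hmac from the enctype lines only works once the service account and keytab carry AES keys, so confirm that on the domain controller before tightening the list.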