You are viewing limited content. For full access, please sign in.

Question

Question

Kerberos Services

Web Client
Updated May 19, 2017
asked on April 27, 2017

Hi All,

 

The question was asked in this thread a couple of times,

http://answers.laserfiche.com/questions/64269/Web-Access-9-Windows-Authentication#64364

But didn't see an answer.

Referring to section 5.3 in the attached white paper.

The customer wants to use this option:-

Does anyone know the specific services, rather than configuring the service account kerberos delegation to any service? Or isn't this supported? The customer only allows kerberos contrained delegation, therefore they need to know the specific kerberos targets that are required.

 

Cheers!

 

Kerberos WA8 IIS7.pdf (118.79 KB)
Download
0 0

Replies

replied on May 19, 2017

Just want to add that You should use Internet Explorer or Edge to do your initial configuration testing as FireFox and Chrome also need additional configuration to work with Kerberos.  I spent about 7 hours longer than I needed trying to get Kerberos working when the issue was that I was using an unconfigured Chrome.

 

For FireFox:

Integrated Authentication for Firefox

For Chrome:

How to enable Auto Logon for Google Chrome without prompt

 

2 0
replied on May 19, 2017

Thanks Bert, in this case the customer is only using IE but good to know! yes

0 0
replied on May 2, 2017

Hello All,

Can anyone provide us the specific Kerberos service for the constrained delegation ?

 

As per the LF documentation, they suggest option 2 however our security doesn't allow us any service hence they insist the specific service so appreciate your response

 

Thanks

Kumar

0 0
replied on May 2, 2017 Show version history

I don't have a domain where I can try it right now, but this page has a walk-through of that dialog.  The relevant SPN for Laserfiche clients will be HTTP/{laserfiche server host name}.

0 0
replied on May 3, 2017

Hi Brian,

I know the configuration of Kerberos constrained delegation and that is not an issue but I am looking for what specific service type for Laserfiche we should add in the dialog box.

 

Thanks

Kumar

0 0
replied on May 18, 2017

I think it's http to match the SPN, but I don't really have a domain where I can try it.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...