- Enabling Integrated Authentication on the Web Application Server
- Setting Up SSO by Impersonation
- Configuring SSO by Delegation
You can configure the KCD account for NetScaler SSO by impersonation. In this configuration, the NetScaler appliance obtains the user's username and password when the user authenticates to the authentication server, and uses those credentials to impersonate the user to obtain a ticket-granting ticket (TGT). If the user's name is in UPN format, the appliance obtains the user's realm from the UPN. Otherwise, it obtains the user's name and realm by extracting them from the SSO domain used during initial authentication, or from the session profile.
When configuring the KCD account, you must set the realm parameter to the realm of the service that the user is accessing. The same realm is also used as the user's realm if the user's realm cannot be obtained from authentication with the NetScaler appliance or from the session profile.
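The realm selection described above can be modeled as follows, which helps when tracing why a TGT request went to an unexpected realm. This is an added illustration, not NetScaler code: the function and parameter names are hypothetical, checking the SSO domain before the session profile is an assumption (the text gives no order), and upper-casing follows the usual Active Directory realm convention.

```python
from typing import NamedTuple, Optional


class Principal(NamedTuple):
    user: str
    realm: str
    source: str  # which input supplied the realm


def resolve_principal(login_name: str,
                      sso_domain: Optional[str] = None,
                      session_profile_domain: Optional[str] = None,
                      kcd_account_realm: Optional[str] = None) -> Principal:
    """Hypothetical model of how the user's realm is chosen for impersonation."""
    name = login_name.strip()
    # 1. UPN format (user@realm): the realm is taken from the UPN itself.
    if "@" in name:
        user, _, realm = name.rpartition("@")
        if user and realm:
            return Principal(user, realm.upper(), "upn")
        name = user  # "alice@" carries no realm; continue with the bare name
    if not name:
        raise ValueError("empty user name")
    # 2. Otherwise: SSO domain from initial authentication, or the session
    #    profile. The order between these two is an assumption of this sketch.
    for source, domain in (("sso_domain", sso_domain),
                           ("session_profile", session_profile_domain)):
        if domain and domain.strip():
            return Principal(name, domain.strip().upper(), source)
    # 3. Fallback: the KCD account realm (the realm of the service) is also
    #    used as the user's realm when nothing else supplied one.
    if kcd_account_realm and kcd_account_realm.strip():
        return Principal(name, kcd_account_realm.strip().upper(), "kcd_account")
    raise ValueError(f"no realm available for {login_name!r}")


if __name__ == "__main__":
    # Constructed sample inputs.
    print(resolve_principal("alice@corp.example.com", sso_domain="other.example.com"))
    print(resolve_principal("bob", kcd_account_realm="svc.example.com"))
```

A result whose source is `kcd_account` means the user is being treated as belonging to the service's realm, which is the case to check first when users from another realm fail SSO.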
At the command prompt, type the following command:
For the variables, substitute the following values:
To add a KCD account named kcdaccount1, and use the keytab named kcdvserver.keytab, you would type the following command:
add aaa kcdAccount kcdaccount1 -keytab kcdvserver.keytab