EMC Documentum Kerberos SSO Authentication

  • EMC Documentum Kerberos SSO Authentication

    A Detailed Review

    Abstract

    This white paper introduces and describes a Kerberos-based EMC Documentum environment, and explains how to deploy such a system with single sign-on (SSO) on the Documentum platform.

    June 2011

  • Copyright 2010, 2011 EMC Corporation. All rights reserved.

    EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

    THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

    Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

    For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

    All other trademarks used herein are the property of their respective owners.

    Part Number h8031.2

    EMC Documentum Kerberos SSO Authentication A Detailed Review 2

  • Table of Contents

    • Executive summary
    • Introduction
        • Audience
    • Kerberos authentication
        • Kerberos architecture
        • Kerberos authentication flow in a DFS-based application
        • Kerberos authentication flow in a Documentum Web Development Kit-based application
    • Configuring Kerberos authentication
        • Configuring Kerberos on a Content Server in a Windows/UNIX environment
        • Modification to error message during Kerberos plug-in initialization
        • Replay cache filename change
        • Workaround for the Kerberos plug-in initialization error in UNIX
        • Prerequisites for WDK-based applications
    • Determining the Service Principal Name (SPN)
        • Specifying the SPN for repositories
        • Specifying the SPN for DFS services
        • Specifying the SPN for WDK-based applications
    • Registering the SPN and generating the keytab file
        • Creating the keytab file for Content Server
        • Reinitializing Content Server
        • Configuring the SPN and keytab file for DFS services
        • Creating the keytab file for WDK-based applications
    • Creating Kerberos user accounts
        • Creating Kerberos users in a repository
            • Configuring LDAP synchronization for Kerberos users
        • Creating a user account for a WDK-based application in the Active Directory
    • Enabling Kerberos for DFS-based applications
        • Enabling Kerberos during DFS service deployment
        • Kerberos and JAAS configuration
            • Kerberos configuration
            • Kerberos keytab file
            • JAAS configuration
        • Using Kerberos authentication in DFS clients
        • Kerberos authentication in a local DFS web application
        • Kerberos authentication in a remote DFS client
    • Enabling Kerberos for WDK-based applications
        • Prerequisites
        • Preparing the client machine and the browser to meet Kerberos SSO setup requirements
        • Creating the JAAS configuration file
            • Configuring the Tomcat application server
            • Configuring the WebLogic application server
            • Configuring the JBoss application server
            • Configuring the WebSphere application server
        • Configuring the custom/app.xml file to enable Kerberos authentication
            • Enabling Kerberos SSO authentication in WDK-based applications
            • Configuring the Kerberos domain name
            • Configuring Kerberos fallback
            • Sample Kerberos configuration in custom/app.xml
            • Configuring EMC CenterStage to enable Kerberos authentication
        • Enabling tracing
        • Kerberos authentication use cases
            • Client platform/Browser is not supported
            • All repositories are Kerberos-enabled and the user logs in to the Kerberos domain
            • Client machine is not part of the Kerberos domain
            • Webtop is configured to work with mixed repositories
            • The end user is registered in the KDC but is not part of the Kerberos-enabled repository
    • Setting DES, AES128, and RC4 Kerberos encryption types
    • Conclusion
    • References
        • Glossary
        • Common issues with the configuration of Webtop or TaskSpace for Kerberos authentication
            • Issue 1
            • Issue 2
            • Issue 3
            • Issue 4
            • Issue 5
            • Issue 6
            • Issue 7
            • Issue 8
            • Issue 9
            • Issue 10
