Forum Discussion

Matantal_338057's avatar
Matantal_338057
Icon for Nimbostratus rankNimbostratus
Oct 18, 2017

Kerberos SSO fails when user required for smartcard.

Hi all, So basicly im doing APM access to portal resource (rewrite) that is done with mobile certificate translated to KDC (After upn extraction+AD query). After sso mapping is done KDC kicks in and fails . I found out that if i remove smartcard auth requirment in my domain KDC gets a valid ticket and SSO is successfull. What am i missing?

 

  • Hi,

     

    Kerberos sso can be used whatever authentication is configured.

     

    The only requirements for Kerberos sso are:

     

    • sAMAcountName in variable session.sso.token.last.username
    • Kerberos realm in variable session.logon.last.domain