When Kerberos is configured in the back-end application, you set up identity bridging in Unified Access Gateway by uploading the identity provider metadata and the keytab file and by configuring the KCD realm settings.

Note:

This release of identity bridging supports only a single-domain setup. This means the user and the SPN should be in the same realm/domain.

When identity bridging is enabled with header-based authentication, keytab settings and KCD realm settings are not required.

Before you configure the identity bridging settings for Kerberos authentication, make sure that the following prerequisites are in place.

  • An identity provider is configured and its SAML metadata is saved. The SAML metadata file is uploaded to Unified Access Gateway (SAML scenarios only).

  • For Kerberos authentication, a Kerberos-enabled server is available, and the realm names for the Key Distribution Centers to use are identified.

  • For Kerberos authentication, upload the Kerberos keytab file to Unified Access Gateway. The keytab file includes the credentials for the Active Directory service account that is set up to get the Kerberos ticket on behalf of any user in the domain for a given back-end service.