Configure and enable the KerberosIdpAdapter on the VMware Identity Manager connector. If you have deployed a cluster for high availability, configure and enable the adapter on all the connectors in your cluster.
About this task
Authentication adapters on all the connectors in your cluster must be configured identically. The same authentication methods must be configured on all the connectors.
For more information about configuring Kerberos authentication, see the VMware Identity Manager Administration Guide.
The connector must be joined to the Active Directory domain.
- In the VMware Identity Manager administration console, click the Identity & Access Management tab.
- Click Setup, then click the Connectors tab.
All the connectors that you have deployed are listed.
- Click the link in the Worker column of one of the connectors.
- Click the Auth Adapters tab.
- Click the KerberosIdpAdapter link, and configure and enable the adapter.
The default name of the adapter is KerberosIdpAdapter. You can change this name.
Directory UID Attribute
The account attribute that contains username.
Enable Windows Authentication
Select this option.
You do not need to select this option unless your Active Directory infrastructure relies on NTLM authentication.
If you have multiple connectors in a cluster and plan to set up Kerberos high availability by using a load balancer, select this option and specify a value for Redirect Host Name.
If your deployment has only one connector, you do not need to use the Enable Redirect and Redirect Host Name options.
Redirect Host Name
A value is required if the Enable Redirect option is selected. Enter the connector's own host name. For example, if the connector's host name is connector1.example.com, enter connector1.example.com in the text box.
For more information on configuring the KerberosIdPAdapter, see the VMware Identity Manager Administration Guide.
- If you have deployed a cluster, configure the KerberosIdPAdapter on all the connectors in your cluster.
Ensure that you configure the adapter identically on all the connectors, except for the Redirect Host Name value, which should be specific to each connector.
What to do next
Set up high availability for Kerberos authentication, if necessary. Kerberos authentication is not highly available without a load balancer.