Configure and enable the KerberosIdpAdapter on the VMware Identity Manager connector. If you have deployed a cluster for high availability, configure and enable the adapter on all the connectors in your cluster.

About this task

Important:

Authentication adapters on all the connectors in your cluster must be configured identically. The same authentication methods must be configured on all the connectors.

For more information about configuring Kerberos authentication, see the VMware Identity Manager Administration Guide.

Prerequisites

The connector must be joined to the Active Directory domain.

Procedure

  1. In the VMware Identity Manager administration console, click the Identity & Access Management tab.
  2. Click Setup, then click the Connectors tab.

    All the connectors that you have deployed are listed.

  3. Click the link in the Worker column of one of the connectors.
  4. Click the Auth Adapters tab.
  5. Click the KerberosIdpAdapter link, and configure and enable the adapter.

    Option

    Description

    Name

    The default name of the adapter is KerberosIdpAdapter. You can change this name.

    Directory UID Attribute

    The account attribute that contains username.

    Enable Windows Authentication

    Select this option.

    Enable NTLM

    You do not need to select this option unless your Active Directory infrastructure relies on NTLM authentication.

    Enable Redirect

    If you have multiple connectors in a cluster and plan to set up Kerberos high availability by using a load balancer, select this option and specify a value for Redirect Host Name.

    If your deployment has only one connector, you do not need to use the Enable Redirect and Redirect Host Name options.

    Redirect Host Name

    A value is required if the Enable Redirect option is selected. Enter the connector's own host name. For example, if the connector's host name is connector1.example.com, enter connector1.example.com in the text box.

    For example:



    Kerberos adapter


    For more information on configuring the KerberosIdPAdapter, see the VMware Identity Manager Administration Guide.

  6. If you have deployed a cluster, configure the KerberosIdPAdapter on all the connectors in your cluster.

    Ensure that you configure the adapter identically on all the connectors.

What to do next

Set up high availability for Kerberos authentication, if necessary. Kerberos authentication is not highly available without a load balancer.