...

  1. Copy keycloak.ktab file to <Saga Directory>\volumes\authority\docker-entrypoint.d

  2. In the LDAP provider configuration, turn on Kerberos integration and fill in the details according to the screen below

    1. Set Allow Kerberos authentication to ON

    2. Set your Kerberos Realm (e.g. COMPANY.INTERNAL)

    3. Set your Server principal according to the SPN set on the domain user (e.g. HTTP/locator.internal@COMPANY.INTERNAL)

    4. Point to the keytab file, e.g. c:\docker-entrypoint.d\keycloak.ktab if you have copied the ktab to <Saga Directory>\volumes\authority\docker-entrypoint.d

    5. If you want to debug your configuration, set Debug to On.

    6. Set Use Kerberos For Password Authentication to On.

...

Configuring Active Directory group mappings

This feature enables you to configure group mappings from Active Directory to Authority Service. The group mapper may be used to convert Active Directory groups from a specific branch of an LDAP tree to Authority Service groups. Additionally, it will import user-group mappings from Active Directory to Authority Service user-group mappings.

  1. In the LDAP provider configuration, go to the Mappers tab

  2. Add a new mapper of type group-ldap-mapper

  3. Configure it as in the example below

    1. Enter the LDAP Groups DN specific to your AD setup

    2. Enter objectSid as Mapped Group Attribute to import group SIDs


Limitations

Active Directory user federation through LDAPS requires that the domain controller has a valid SSL certificate issued by a well-known authority.