Configuring The Access Gateway For Kerberos Authentication; Upgrading From Access Manager 3.0 Sp4 Or 3.1 - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

This preference lists the sites that are permitted to engage in SPNEGO Authentication
with the browser. Specify a comma-delimited list of trusted domains or URLs.
For this example configuration, you would add
the list.
If the deployed SPNEGO solution is using the advanced Kerberos feature of Credential
Delegation, double-click
preference lists the sites for which the browser can delegate user authorization to the
server. Specify a comma-delimited list of trusted domains or URLs.
For this example configuration, you would add
the list.
4 Click OK. The configuration appears as updated.
Restart your Firefox browser to activate this configuration.
5 In the URL field, enter the base URL of the Identity Server with port and application. For this
example configuration:
http://amser.provo.novell.com:8080/nidp
The Identity Server should authenticate the user without prompting the user for authentication
information. If a problem occurs, check for the following configuration errors:
Verify the default user store and contract. See
View the
Configuration" on page
If you make any modifications to the configuration, either in the Administration Console
or to the
3.4.5 Configuring the Access Gateway for Kerberos
Authentication
If you have set up a Web server that you want to require Kerberos authentication for access, you can
set up a protected resource for this Web server as you would for any other Web server, and select the
name of your Kerberos contract for the contract. For instructions, see See
Resources" in the
When using Kerberos for authentication, the LDAP credentials are not available. If you need LDAP
credentials to provide single sign-on to some resources, see
Class Extension to Retrieve Password for Single Sign-on (http://www.novell.com/communities/
node/4556)

3.4.6 Upgrading from Access Manager 3.0 SP4 or 3.1

If you are upgrading from 3.0 SP4 to 3.1 SP1, see
Access Manager 3.1 SP1 Installation Guide
configuration for 3.1 SP1.
If you are upgrading from 3.1 to 3.1 SP1, see
the Novell Access Manager 3.1 SP1 Installation Guide
Kerberos configuration for 3.1 SP1.
124 Novell Access Manager 3.1 SP1 Identity Server Guide
network.negotiate-auth.delegation-uris
file and verify the configuration. See
catalina.out
123.
file, restart Tomcat on the Identity Server.
bcsLogin
Novell Access Manager 3.1 SP1 Access Gateway
for a possible solution.
http://amser.provo.novell.com
http://amser.provo.novell.com
Step 13.
Guide.
Access Management Authentication
"Upgrading the SP4 Identity
for information on how to modify your Kerberos
"Upgrading from Access Manager 3.1 to 3.1
for information on how to modify your
to
. This
to
"Verifying the Kerberos
"Configuring Protected
Servers"in the Novell
SP1"in