Hello,
I have succesfully configured the Secure Login Server to authenticate users via Windows Login / SPNEGO. Unfortunatelly the enrollment does NOT work for users in different domains, but only one domain AT A TIME. So the Secure Login Server SPN sits within the Kerberos Realm that allows users in exactly this Realm to login via SPNEGO. (Of course all users from all domains are visible in dthe Secure Login Servers UME)
But we have 4 domains in a forrest..So, according to note 994791 that states:
- Domain Forest
- Create and configure a J2EE service user in one of the domains part of the forest # it doesn#t matter if this domain will be the root domain or any of the child domains
- Configure UME to use multiple ADS data sources (for each domain in the forest)
- In the #Kerberos Realm# step of the wizard you should provide information only for the domain where you have created the service user for the J2EE Engine
..I have configured SPNEGO only for the realm that hosts the SPN.
Unfortunatelly it doesn't work. Please help me if you have experience with cross domain SPNEGO authentication via Secure Login Server.
Thank You,
Philippe