CITSmart auto-login - SSO
Branches:
- Sso (itsm)
- Spnego 1.0 (artifactory)
1. Open "create user" in Active Directory Users and Computers, as in the image below:
2. Create a password:
3. Right-click the user and select Properties:
4. Select the "This account supports 256-bit encryption" option, apply it, and click "OK", as below:
5. Open ADSI Edit. Then connect to the AD, click Users and locate the newly created user, as below:
6. Right-click and select the Properties option. Then, search for the ServicePrincipalName (SPN);
7. Add HTTP/hom-itsm.centralit.com.br and click "OK", as in the image below:
8. Open CMD as Administrator and run the following commands. The first sets the SPN and the second creates the keytab (which will be used by WildFly):
- setspn -s HTTP/hom-itsm.centralit.com.br citsmart2
- ktpass /princ HTTP/hom-itsm.centralit.com.br /mapuser citsmart2 /pass central@123 /ptype KRB5_NT_PRINCIPAL /out citsmart2.keytab /crypto ALL
9. After completing the steps above, the AD is configured.
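
One way to check what the ktpass command in step 8 wrote before the keytab is copied to WildFly (an added example, not part of the original page or of CITSmart's code): with /crypto ALL the keytab holds a key for every encryption type ktpass supports, including DES and RC4, while step 4 enables AES-256 on the account. The parser reads the standard 0x0502 keytab layout; the realm EXAMPLE.REALM, the all-zero keys and the function names are assumptions made for the sample.

```python
import struct

# Kerberos enctype numbers for the deprecated DES and RC4 key types.
WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def _counted(buf, pos):  # uint16 length-prefixed string -> (bytes, new_pos)
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from an MIT-format 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                       # a negative size marks a deleted slot
            pos += -size
            continue
        end, p = pos + size, pos
        (ncomp,) = struct.unpack_from(">H", data, p)
        p, names = p + 2, []
        for _ in range(ncomp + 1):          # realm first, then the name components
            s, p = _counted(data, p)
            names.append(s.decode())
        p += 8                              # skip name type and timestamp
        kvno = data[p]
        (etype,) = struct.unpack_from(">H", data, p + 1)
        _key, p = _counted(data, p + 3)     # key bytes are read past, never returned
        if end - p >= 4:                    # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
        pos = end
    return entries

def weak_entries(entries):
    """Keep only DES/RC4 entries, with the enctype number replaced by its name."""
    return [(princ, kvno, WEAK[et]) for princ, kvno, et in entries if et in WEAK]

def sample_entry(realm, comps, kvno, etype, key):  # builds the constructed sample only
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + b"".join(map(cs, [realm, *comps]))
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key)
    return struct.pack(">i", len(body)) + body
# Constructed sample: placeholder realm, all-zero keys, the SPN from step 7.
SAMPLE = b"\x05\x02" + b"".join(
    sample_entry(b"EXAMPLE.REALM", [b"HTTP", b"hom-itsm.centralit.com.br"], 3, et, bytes(n))
    for et, n in [(3, 8), (23, 16), (18, 32)])
```

To audit the real file, pass its bytes to parse_keytab and review what weak_entries returns. The keytab contains the service account's long-term keys, so it should be readable only by the account that runs WildFly.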
- Copy the war generated from the branch sso;
- Copy the file krb5.conf (validate the information according to the AD) to the folder standalone/configuration (wildfly):
- Copy the file login.conf (validate the information according to the AD) to the folder standalone/configuration (wildfly):
- Copy the lightkeytab.keytab file (generated by the command in AD) to the standalone/configuration (wildfly) folder;
- Edit standalone.xml by adding the following information:
In \<system-properties>
In \<security-domains>
- If you have not yet replaced the Java policy JARs (JCE - Java Cryptography Extension), download the files and put them in jdk/jre/lib/security/policy/limited and jdk/jre/lib/security/policy/unlimited;
- Import (synchronize) the LDAP users into ITSM.
⚠️ Attention!
The DN Alias should be the same as the network domain (example: for CIT\user, the DN Alias = CIT), as below:
⚠️ Attention!
It is recommended to read the following support materials: https://ss64.com/nt/setspn.html and http://spnego.sourceforge.net/