Configuring SSO with Kerberos
Admin Console > People > Settings > Single Sign-On > Kerberos
Understanding SSO with Kerberos
Before you configure SSO, make sure you have a migration strategy for your existing Jive users. Implementing SSO without migrating your users to your new authentication provider will orphan existing user accounts, so users can't access their community content. Kerberos is supported only with on-premise installations of Jive and is not available for Jive-hosted communities.
Setting Up Kerberos SSO
When you implement single sign-on (SSO) with Kerberos, LDAP handles all the authorization and user synchronization, while Kerberos handles authentication. Kerberos is only supported with on-premise installations of Jive and is not available for Jive-hosted communities.
Service Principal : The service principal used to communicate with the KDC and validate any user tickets passed to Jive. Typically, the Service Principal value is the user name for an account.
Realm : The realm for the service principal account user name you specified.
(KDC) Key Distribution Center : The hostname for the key distribution center. You may not need to provide this information if the realm already resolves to the KDC. Communication with the KDC typically uses the standard service principal string and password.
Password : Specifies the password for the service principal account user name you specified.
Because authentication uses a single token passed from the operating systems, no redirect is required. The token is verified against the configured Key Domain Controller (KDC), and if it's valid, the user is logged in.
Advanced Settings
The following settings on the Advanced tab control some less commonly used SSO configurations.
Debug Mode : Enable to provide detailed logging for troubleshooting authentication problems. You should disable this setting in production.
Use Keytab for Authentication : Enable to specify a keytab file as an alternate credentialing method. To upload your keytab file, you need to Base64-encode it and paste it into the text box provided.
Use KRB Configuration File : Enable to specify a krb5.conf file. Then paste the file contents into the text box provided.