Hello,
We successfully implemented Kerberos SSO against NW04s Portal and MS AD. But, of course, there's an additional issue.
The case is that in AD, users are located in several containers (OU 1 to 3); the structure of AD is as follows:
DC=corp, DC=Company
OU=1
OU=2
OU=3.
Kerberos, as stated in the docs (also tested in real life), works only for users who are located in the same container as the AD service user used for j2ee - ad communication purposes. If a user from a different container tries to access the portal, an ugly logon screen appears (two logon windows with an unknown_error message).
My AD admin says that it's not possible to create a service user at the domain level (logical); also, changes to the AD structure are not possible at the moment.
Are there any known workarounds for this issue?
Regards,
Mry