Skip to Content
0

Microsoft Windows AD authentication thru Kerberos Protocol

Jul 05, 2017 at 07:25 AM

45

avatar image

Hello

In order to connect users to the BI platform (BI launchpad or Central Management Console), we have implemented Microsoft Windows AD authentication thru Kerberos Protocol.

Our IS Security entity requests us more accuracy regarding the working of this authentication.

They would like to know what are the authentication credentials sent to Windows during the validation of the user's login?

Are they credentials of the user or credentials of the global service account.

Thank you for your help

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Tim Ziemba
Jul 05, 2017 at 03:01 PM
0

While many customers thing AD SSO is a function of BI it is in fact not. To achieve kerberos SSO you must setup everything in Microsoft (service account, delegation, SPN's even browser, etc) Once Microsoft SSO is setup then a successful authenticated Microsoft users that is mapped into BI can access BI. So this question is better directed at your Microsoft admin.

https://msdn.microsoft.com/en-us/library/bb742516.aspx

Here is a Microsoft article on how kerberos works, depending on your configuration, the exactly how could vary. Essentially a negotiation occurs at the browser and the user (not service account) is authenticated. The service account does play a role in delegating the user to various resources like the BI server.

regards,

Tim

Share
10 |10000 characters needed characters left characters exceeded