...
Why does the user have to log in manually the in manually the first time?
Make sure the Default Group Memberships is set. This setting can be found when editing the user directory. Make sure the group has global logon permissions.
Because of unexpected behavior in confluence when checking if the user has logon permission try configuring "configured required groups".
How can we restrict who should be logged in with Kerberos?
Kantega SSO supports IP blocking/unblocking for when to perform Kerberos. For IP blocking/unblocking to work Kantega SSO needs to see the correct client IP.
Which client IP Kantega SSO sees is shown under "Client IP restrictions".
...
If you have multiple User Directories, the user will be looked up in the same order as with manual logon.
Our Active Directory has a non-standard User Name Attribute, will that work?
Yes. Kantega SSO will automatically detect that your User Directory has a non-standard User Name Attribute. (Different from sAMAccountName, say "userPrincipalName")
If this is the case, Kantega SSO will first look up the account in AD using the standard sAMAccountName, then map it to the configured User Name Attribute you configured, and finally perform a new search using that name.
Can we use a Crowd User Directory?
Yes. Kantega SSO will search your Crowd User Directory with the standard account name (sAMAccountName)
...
The same SPN (e.g. HTTP/jira.example.com) cannot exist on two users at the same time in Active Directory. The Kerberos test page will detect duplicate SPNs and flag this. To resolve the issue either delete one of the users in Active Directory that has the duplicate SPN. An alternative is to remove the SPN from the user object with this command
setspn -D HTTP/jira.example.com accountname
What could the cause for very slow logins?
User directories can be configured to update group memberships at login, and in some network environments these operations may be very slow. If you experience very slow logins, you should check the settings controlling the update operations. These are found in your user directory configurations.
...