Secure windows authentication without passwords / Set up SSO with Kerberos
Our customer is a large Asian bank with on-premises Jira and Confluence Data Center. Their employees had so far had to enter separate usernames and passwords in both Jira and Confluence. The system administrator in this bank wanted to simplify access to the Atlassian products.
The challenge:
Kerberos as a technology is sparsely documented, and the system administrator knew it would have been too big an investment to build a solution in-house. He decided to go for a solution with built-in Kerberos support, Kantega SSO Enterprise.
The solution:
Integrated Windows Authentication / Kerberos from Kantega SSO gives the end-user access to Atlassian products without entering a username or password. The customer set up Kerberos in the Kantega SSO Enterprise app following our Kerberos setup guide.
When configuring complex environments, there is a possibility of making mistakes. The system administrator ran Kerberos test page after completing the setup tasks. The Kerberos test page revealed a bug in the configuration: “Browser sent an NTLM token which is incompatible with Kerberos".
The system administrator then contacted our excellent support for help. Support reproduced the bug and helped the system administrator to solve the problem: “Kerberos will not work when using host-resolver-rule flag during testing in Chrome to configure DNS for your server “.
Support updated FAQ with this issue so that other customers with similar problem can find and solve the problem themselves, see host-resolver-rule flag in Chrome.