Configuring a Kerberos Token Processor instance - PingFederate

Configuring a Kerberos Token Processor instance - PingFederate - 10.0

PingFederate Server

bundle

pingfederate-100

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.0

category

Product

pf-100

pingfederate

ContentType_ce

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 1 min read

PingFederate 10.0 Product Configuration User task WS-Trust Standards, specifications, and protocols Software Deployment Method Product documentation Content Type Administrator Audience Kerberos

The integrated Kerberos Token Processor accepts and validates Kerberos tokens via a configured Kerberos realm. Moreover, it supports authentication mechanism assurance from Active Directory domain service, thus making it possible to restrict access to users authenticating through specific mechanisms. For more information, see Authentication mechanism assurance.

On the Instance Configuration screen, select the applicable domain from the Domain/Realm Name list.
An Active Directory domain or a Kerberos realm must be configured for use with the Kerberos Token Processor. If the domain you want does not appear, click Manage Active Directory Domains/Kerberos Realms to add it. (For more information, see Configuring Active Directory domains or Kerberos realms.)

Note:
Kerberos tickets can be accepted from domains other than the domain configured in the Token Processor, provided that there is a transient, two-way trust. This trust exists by default when domains are joined within a single server forest (see Multiple-domain support).