Configuring a Kerberos Token Processor instance - PingFederate

Configuring a Kerberos Token Processor instance - PingFederate - 11.3

PingFederate Server

bundle

pingfederate-113

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 11.3 (Latest)

category

Administrator

Administratorguide

Audience

Capability

ContentType

DeploymentMethod

Guide

Product

Productdocumentation

SingleSignonSSO

Software

SystemAdministrator

pf-113

pingfederate

ContentType_ce

Guide > Administrator Guide

Product documentation

Guide

Page created: 5 Jul 2022 |

Page updated: 5 Jul 2022

| 1 min read

Guide Administrator Guide Content Type Product documentation 11.3 Capability Single Sign-on (SSO) Deployment Method Software Audience Administrator System Administrator Product PingFederate

The integrated Kerberos Token Processor accepts and validates Kerberos tokens through a configured Kerberos realm.

It supports authentication mechanism assurance from Active Directory (AD) domain service, making it possible to restrict access to users authenticating through specific mechanisms. For more information, see Authentication mechanism assurance.

Go to Authentication > Token Exchange > Token Processors.
On the Instance Configuration tab, select the applicable domain from the Domain/Realm Name list.
An AD domain or a Kerberos realm must be configured for use with the Kerberos Token Processor. If the domain you want does not appear, click Manage Active Directory Domains/Kerberos Realms to add it. For more information, see Active Directory and Kerberos.

Note:
Kerberos tickets can be accepted from domains other than the domain configured in the token processor if there is a transient, two-way trust. This trust exists by default when domains are joined within a single server forest. For more information, see Multiple-domain support.