Page created: 13 Nov 2020 |
Page updated: 16 Feb 2022
Configure a new Kerberos adapter instance in PingFederate.
- Ensure you have an AD domain configured as a datastore in PingFederate that can be used to validate Kerberos tickets.
- Create a user in Active Directory (AD) that can read from the directory.
In the PingFederate administrative console, go to .
- Click Create New Instance.
- On the Type tab, in the Instance Name and Instance ID fields, enter a name and ID.
From the Type list, select Kerberos
Adapter, and then click Next.
- On the IdP Adapter tab, select the Domain/Realm Name you used when adding AD as a datastore.
Click Manage Active Directory Domains/Kerberos
In the Manage Domain/Realm window, in the
Domain/Realm Name, Domain/Realm
Username, and Domain/Realm Password
fields, enter the information from your AD environment.
- Click Test Domain/Realm Connectivity to test your connection, then click Done.
- On the IdP Adapter tab, click Next.
- On the Extended Contract tab, click Next.
On the Adapter Attributes tab, select the
Username Pseudonym check box . Click
- On the Adapter Contact Mapping tab, click Next.
- On the Summary tab, review your entries. Click Save.