I am working on implementing Windows Integrated Authentication using ADFS 2.0 with Kerberos.
I had gone through the prerequisites:
configured Windows Server ADDS, ADFS 2.0, DNS, running on some xyz.com domain.
I had one Windows client connecting to the Windows Server xyz.com domain,
and the spring-security-saml2-sample application on a Linux environment.
All these domains are connected using a VLAN.
For enabling Windows authentication I had configured the IE settings: enabled Windows Integrated Authentication and added the local intranet configuration
required. I had referred to this link: http://www.cisco.com/c/en/us/support/docs/security-vpn/kerberos/118841-configure-kerberos-00.html
As per the Kerberos configuration on the Windows server I had configured:
setspn -a HTTP/adfs01.xyz.com <ActiveDirectory user>
setspn -a HTTP/adfs01 <ActiveDirectory user>
On my Windows client I can see that I get Kerberos tickets when running
klist tickets
but when going to the spring-security-saml2-sample application, I am not able to authenticate;
I get the Windows prompt again and again, and it fails.
What do I need to configure to enable ADFS with Kerberos?
Thanks
I had figured out my issue by setting the SPN (service principal name) on the user of the ADFS 2.0 logon account, instead of setting the SPN on a random account. I referred to this link:
and my IE settings:
Enabled Windows Integrated Authentication.
Put the ADFS server, i.e. the Windows server, in Local intranet sites.
In Local intranet settings --> Custom level --> User Authentication: Automatic logon only in Intranet zone.
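As an added example (not part of the original question or answer), a PowerShell check that finds which account currently holds the HTTP SPNs for the ADFS host, looks for duplicate SPNs, and registers them on the ADFS 2.0 service logon account rather than an arbitrary user. The account name xyz\svc_adfs is an assumption; adfs01.xyz.com is the host from the question.

```powershell
# Added example, not from the original post. Run as a Domain Admin on a
# domain-joined machine that has setspn.exe (RSAT / Windows Server).
$AdfsHost    = 'adfs01.xyz.com'
$ServiceAcct = 'xyz\svc_adfs'   # assumption: the ADFS 2.0 service logon account

# If this runs on the ADFS 2.0 server itself, read the real logon account of the
# AD FS 2.0 Windows Service (service name adfssrv) instead of guessing it.
$svc = Get-WmiObject Win32_Service -Filter "Name='adfssrv'" -ErrorAction SilentlyContinue
if ($svc) { $ServiceAcct = $svc.StartName }

# Both forms the question registered: FQDN and short host name.
$Spns = @("HTTP/$AdfsHost", "HTTP/$($AdfsHost.Split('.')[0])")

# 1. Which account holds each SPN right now? A hit on the wrong account is the
#    failure mode from the question (ticket issued for a key ADFS does not have).
foreach ($spn in $Spns) {
    Write-Host "--- setspn -Q $spn"
    setspn -Q $spn
}

# 2. Duplicate SPNs anywhere in the forest also break Kerberos: the KDC cannot
#    choose a key, and the browser falls back to the credential prompt loop.
Write-Host "--- forest-wide duplicate check"
setspn -X

# 3. Register on the service account. -S (unlike -A, used in the question)
#    refuses to create a duplicate, so a stale registration is caught here.
foreach ($spn in $Spns) {
    $out = setspn -S $spn $ServiceAcct 2>&1
    $out
    if ($out -match 'Duplicate SPN found') {
        Write-Warning "$spn is still bound to another account; remove it there first:"
        Write-Warning "  setspn -D $spn <old-account>"
    }
}

# 4. Confirm the final state on the service account.
Write-Host "--- SPNs now registered on $ServiceAcct"
setspn -L $ServiceAcct
```

After the SPNs move, run `klist purge` on the client so a fresh HTTP/adfs01.xyz.com ticket is requested against the corrected account.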