Kerberos WeConstrained Delegation


need setting constraint delegation on web servers.

here our scenario:

1.one web server in dmz front end servers, has kinda redirect back-end web server

2.backend web server, has actual web pages

need set in such way that, there 1 time authentication user , frontend web server kind of proxying of credentials backend server.

kindly assist.


hiya,

simplified kerberos setup way:

1 http spn service wish access. (backend web server)

1 delegation service wish able delegate credentials on (frontend)

the spn should http spn. delegation not need constrained delegation, not need protocol transitioning.

if need further in defining spn , delegation, require following information.

1: url or application.

2: identity of application pool, both web servers.



Windows Server  >  Directory Services



Comments

Popular posts from this blog

CRL Revocation always failed

Failed to query the results of bpa xpath

0x300000d errors in Microsoft Remote Desktop client