Kerberos WeConstrained Delegation
need setting constraint delegation on web servers.
here our scenario:
1.one web server in dmz front end servers, has kinda redirect back-end web server
2.backend web server, has actual web pages
need set in such way that, there 1 time authentication user , frontend web server kind of proxying of credentials backend server.
kindly assist.
hiya,
simplified kerberos setup way:
1 http spn service wish access. (backend web server)
1 delegation service wish able delegate credentials on (frontend)
the spn should http spn. delegation not need constrained delegation, not need protocol transitioning.
if need further in defining spn , delegation, require following information.
1: url or application.
2: identity of application pool, both web servers.
Windows Server > Directory Services
Comments
Post a Comment