Enabling Pega Platform to support Kerberos single sign-on
On a running Active Directory (AD) server, you can enable Pega Platform, running on an Apache Tomcat server, to use Kerberos authentication.
Perform the following steps to enable single sign-on (SSO) by using Kerberos:
- Configuring Active Directory to use Kerberos
After you create users and systems inside an AD domain, define the Pega Platform server and configure service principal names (SPNs) for users. Kerberos uses SPNs, which uniquely identify service instances, to associate a service with a service logon account.
- Configuring Tomcat to enable client systems to connect to Pega Platform
Configure Tomcat with SPNEGO libraries so that client systems can connect to Pega Platform.