0

We have implemented Single Sign-On (SSO) using Kerberos in our production environment. The configuration of our application is as below. Operating System: Solaris10 Application Server: WebSphere7.0.0.11

Things are working fine for the Parent domain (MAIL.COM). But the users from child domains (like CO.MAIL.COM, BO.MAIL.COM..) are unable to login to the application.

We have the Kerberos Configuration file with the child domain details also. My doubt is "What are the changes needs to be done at the WAS console (realm related, domain related etc..)"

Thank you very much in advance..!!!

Chilukuri
  • 27
  • 2
  • 8
  • 1
    You dont need to make any changes on the WAS side. Talk to your AD admins if there is a trust between domains. And make sure user from each subdomain can login to windows using parent domain. – Gas Feb 20 '15 at 13:54
  • Ha Thanks Gas, Really I was waiting for your reply.. – Chilukuri Feb 21 '15 at 14:59
  • If this is important production issue for you, contact official IBM Support or your local IBM representative.This is a community site, not any official product support site and people are posting here, if they want and have time. And you should first test your changes on the TEST environment, BEFORE doing it on the production. – Gas Feb 23 '15 at 09:12
  • I don't have much time this week, so you are on your own, sorry.You need to enable tracing and see what is the real issue for these users. – Gas Feb 23 '15 at 09:59
  • Thanks Gas.. Please look into it at your free time.. – Chilukuri Feb 24 '15 at 07:07
  • Did you test, if these users can log in to Windows using parent domain? – Gas Feb 24 '15 at 16:18
  • I will try that and update you Gas.. Thanks for spending your valuable time to solve the issue.. – Chilukuri Feb 25 '15 at 07:27
  • So you need to contact your AD admins, and fix that. Then your sso on WAS will work also. – Gas Feb 25 '15 at 12:32

0 Answers0