Tuesday, June 9, 2020

Create a keytab file to use SSO for KeyCloak or another tool

You can use this post to create a KeyTab file for your application to use SSO.

Find attached the details for the sample setup.
Domain: test.zz
user: srviceuser1
pw: HDPw8912hs17!/hsd7
url: auth-test.service.test.zz
Required enycryption: AES256

Command:
ktpass -out c:\auth-test.keytab -princ HTTP/auth-test.test.zz@TEST.ZZ -mapuser srviceuser1 -pass HDPw8912hs17!/hsd7 -kvno 0 -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1
If another type of encryption is needed you should have a look at the following article:

You can verify if the spn is applied to the account using the following command.
setspn -L srviceuser1

The last thing we have to do is to enable the support of AES256 encryption on the account serviceuser1. Open Active Directory  Users & Computers, select properties of serviceuser1, go to the account tab and select the following checkbox in Account options: “This account supports Kerberos AES 256 bit encryption”


No comments:

Post a Comment