Edit the SSOP service to include the Kerberos login scheme
-
Add the information shown in bold below to your exported SSOP service.
Be sure to update with your KERBEROS_REALM_NAME.
<?xml version="1.0" encoding="ISO-8859-1"?> <BATCH_LOAD FORMAT="Opaque"OVERRIDE="true"> <SERVICE> <ID>SSOP</ID> <LoginProcedure>Form based</LoginProcedure> <LOGINSCHEME NAME="Form"> <PROTOASSERT>Use HTTP only</PROTOASSERT> <HTTPURL>http://LSF10.lawson.com:6403/sso/SSOServlet</HTTPURL> <HTTPSURL>http://LSF10.lawson.com:6403/sso/SSOServlet</HTTPSURL> <PRIMARYTARGETLOOKUP>Use Kerberos</PRIMARYTARGETLOOKUP> <USERNAMEFIELD>_ssoUser</USERNAMEFIELD> <PASSWDFIELD>_ssoPass</PASSWDFIELD> <LOGIN_SUBMIT_METHOD>POST</LOGIN_SUBMIT_METHOD> <LOGINSCHEMENAME>DEFAULT</LOGINSCHEMENAME> <SERVICEURL>http://LSF10.lawson.com:6403/sso/sso.html</SERVICEURL><SPNEGO_ALLOW_BASIC>false</SPNEGO_ALLOW_BASIC> <SPNEGO_ALLOW_LOCALHOST>false</SPNEGO_ALLOW_LOCALHOST> <SPNEGO_ALLOW_UNSECURE_BASIC>false</SPNEGO_ALLOW_UNSECURE_BASIC> <SPNEGO_LOGIN_CLIENT_MODULE>spnego-client</SPNEGO_LOGIN_CLIENT_MODULE> <SPNEGO_LOGIN_SERVER_MODULE>spnego-server</SPNEGO_LOGIN_SERVER_MODULE> <SPNEGO_PROMPT_NTLM>false</SPNEGO_PROMPT_NTLM> <SPNEGO_ALLOW_DELEGATION>true</SPNEGO_ALLOW_DELEGATION> <SPNEGO_LOGGER_LEVEL>1</SPNEGO_LOGGER_LEVEL> <KERBEROS_REALM_NAME>YOUR.KERBEROS.REALM.NAME</KERBEROS_REALM_NAME></LOGINSCHEME><HasCredential>true</HasCredential><IdentityAttrList>user</IdentityAttrList><SvcEntryAttrList>user,PASSWORD</SvcEntryAttrList><CredentialAttrList>PASSWORD</CredentialAttrList><OptionalAttrList>PASSWORD</OptionalAttrList></SERVICE> </BATCH_LOAD> -
Save the file with the new name
override.xml. -
Import the
override.xmlfile. From the command line, type:ssoconfig -l <password> override.xmlwhere
lis a lower case L<password>is the password for the ssoconfig utility.