(Workaround) Support Kerberos authentication

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 1분

    • A workaround is available for the SAML 2.0 integration that changes the authentication context from forms-based authentication to Windows-based authentication.

    시작하기 전에

    Role required: sso_config_admin, business_rule_admin, script_include_admin

    이 태스크 정보

    Currently, the SAML 2 integration uses a PasswordProtectedTransport or "forms-based authentication" authentication context. This authentication context requires the IdP to present users with a form for authentication credentials. With Kerberos, a SAML session is already active through an established Windows login, so the user does not need to authenticate with the IdP.

    프로시저

    1. Navigate to All > Multi-Provider SSO > Identity Providers.
    2. Open the SAML2 Update1 IdP record.
    3. Set the The AuthnContextClassRef method that we will be included in our SAML 2.0 AuthnRequest to the Identity Provider to one of the following:
      표 1. AuthnContextClassRef method values
      urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport (Default)
      urn:federation:authentication:windows
    4. Click Update.