Kerberos Authentication (Integrated Windows Authentication)

Hello Everyone,

I’m currently working on setting up Integrated Windows Authentication between our Active Directory and the ForgeRock Identity Platform (Access Management). I am following this article for setting up Kerberos (Knowledge - ForgeRock BackStage).

Here are the steps I’ve completed so far:

  1. Created a service account in Active Directory and granted the necessary permissions for Kerberos.
  2. Set up the Service Principal Name (SPN) for the service account.
  3. Generated the Keytab File.
  4. Configured the Krb5.ini file on my Windows environment.
  5. Established the authentication tree in ForgeRock Access Management.
  6. Configured the browser for Kerberos authentication.
    I have attached the image for all the configuration below.

However, when testing the authentication flow through the authentication tree, the process gets stuck at a blank page. In the authentication logs, I’ve encountered the following error:

KerberosNode: 2024-02-01T19:08:38.513+05:30: Thread[https-jsse-nio-9090-exec-3]: TransactionId[2c5d6e96-b581-4192-91ae-6a9f2f9a51ee-4856] ERROR: Service subject is null

I’d appreciate any assistance or insights you may have on resolving this issue. Thank you!
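
A check for steps 2 and 3 above, added here as an example and not part of the original post: it parses a keytab and reports whether it holds an entry for the expected SPN, including the case where the name differs only in letter case (Kerberos principal names are case-sensitive). It assumes the keytab uses the version 0x0502 file layout; the principal `HTTP/am.example.com@EXAMPLE.COM`, the all-zero key and the helper names are constructed for illustration.

```python
import struct

def build_entry(realm, parts, kvno, enctype, key):
    # Encoder used only to build the constructed sample at the bottom.
    cs = lambda s: struct.pack(">H", len(s.encode())) + s.encode()
    body = struct.pack(">H", len(parts)) + cs(realm) + b"".join(map(cs, parts))
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, enctype, len(key)) + key
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    def take(fmt):                    # unpack big-endian fields and advance the cursor
        nonlocal pos
        vals = struct.unpack_from(fmt, data, pos)
        pos += struct.calcsize(fmt)
        return vals
    def string():                     # counted string: uint16 length, then bytes
        (n,) = take(">H")
        return take(f">{n}s")[0].decode()
    while pos + 4 <= len(data):
        (size,) = take(">i")
        if size <= 0:                 # negative size marks a deleted slot; skip it
            pos -= size
            continue
        end = pos + size
        (count,) = take(">H")
        realm = string()
        name = "/".join([string() for _ in range(count)])
        _ntype, _ts, kvno, enctype, keylen = take(">IIBHH")
        pos += keylen                 # key bytes are never read or returned
        if end - pos >= 4:            # trailing 32-bit kvno, used when non-zero
            kvno = take(">I")[0] or kvno
        entries.append((f"{name}@{realm}", kvno, enctype))
        pos = end
    return entries

def check_spn(data, spn):
    """Classify the keytab against the expected principal: exact, case-only, or absent."""
    entries = parse_keytab(data)
    exact = [(k, e) for p, k, e in entries if p == spn]
    if exact:
        return "match", exact         # list of (kvno, enctype) for the SPN
    near = [p for p, _, _ in entries if p.lower() == spn.lower()]
    return ("case-mismatch", near) if near else ("missing", [p for p, _, _ in entries])

# Constructed sample: one AES256 (enctype 18) entry, kvno 3, placeholder key.
SAMPLE = b"\x05\x02" + build_entry("EXAMPLE.COM", ["HTTP", "am.example.com"], 3, 18, bytes(32))
```

Against a real deployment, pass the bytes of the generated keytab file and the SPN registered for the service account; the kvno and enctype in the result can then be compared with what the account in Active Directory is set to issue.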