To create the outbound SSO domain, follow the steps below in the LoadMaster WUI:

  1. Expand Virtual Services > Manage SSO.

  2. Enable or disable the Use AES56 SHA1 KCD cipher check box.
    Note: When this check box is selected, the AES256 SHA1 KCD cipher is used (by default the RC4, DES, and DES3 ciphers are used).
  3. Type a name in the Add new Server Side Configuration text box and click Add.
    Note: The LoadMaster only supports a single KCD server-side SSO configuration.

  4. Type the Kerberos Realm and click Set Kerberos realm.
  5. Type the Kerberos Key Distribution Center and click Set Kerberos KDC.

    As of LoadMaster firmware version 7.2.51, two Key Distribution Center (KDC) servers can be set per domain. The first one entered becomes active until it fails. KDC availability is checked and if the KDC fails to respond successfully three times or if it times out for five seconds, the active KDC is switched. The active Kerberos KDC is shown underneath when two addresses are entered in the Kerberos Key Distribution Center field.

    Note: If you are entering more than one KDC, the username and password must be the same for both KDCs.
    Note: Double and single quotes are not allowed in the Kerberos Key Distribution Center field.
  6. Type the Kerberos Trusted User Name and click Set KCD trusted user name.
  7. Type the Kerberos Trusted User Password and click Set KCD trusted user password.