To configure the server side SSO domain, follow the steps below in the LoadMaster WUI:

  1. In the main menu, select Virtual Services > Manage SSO.

  2. In the Server Side Single Sign On Configurations section, enter the name of the Single Sign On (SSO) domain in the Name text box and click Add.

  3. Select Kerberos Constrained Delegation as the Authentication Protocol.
  4. Enter the Kerberos Realm address and click Set Kerberos realm. Click OK.
    Note: The Kerberos realm is usually the domain. The Kerberos realm should be a name (not an IP address), such as progress.local. If an IP address is specified, authentication will not work. This field only accepts one name.
    Note: Double quotes are not allowed in this field.
  5. Enter the Kerberos Key Distribution Center name and click Set Kerberos KDC. Click OK.
    Note: This field only accepts one Key Distribution Center. The Key Distribution Center address is usually the IP address of the Active Directory instance.
    Note: Double quotes are not allowed in this field.
  6. Enter the Kerberos Trusted User Name and click Set KCD trusted user name. Click OK.
    Note: The Kerberos Trusted User Name needs to be the same as the LoadMaster host name. The trusted user represents the LoadMaster. Refer to the Kerberos Constrained Delegation, Feature Description document for some further key requirements relating to the trusted user account.
    Note: Double and single quotes are not allowed in the Kerberos Trusted User Name field.
  7. Enter the Kerberos Trusted User Password and click Set KCD trusted user password. Click OK.