Thursday, March 8, 2012

How to configure WSO2 Identity Server to act as a Key Distribution Center?

From WSO2 Carbon version 3.2.0 onward, all products ship with an embedded LDAP server. This embedded LDAP server includes a KDC (Key Distribution Center) that can issue Kerberos tickets to the clients and services registered in the LDAP server. The KDC is disabled by default. Let's go through the steps needed to enable it.

In this blog post I'm going to explain how to enable the KDC in WSO2 IS 3.2.3.

You have to change the following configuration files in order to enable the KDC:

1) embedded-ldap.xml (CARBON_HOME/repository/conf)



2) user-mgt.xml (CARBON_HOME/repository/conf)




If the KDC is successfully enabled, you'll see the following log message printed when the server starts:

INFO {org.apache.directory.server.kerberos.kdc.KdcServer} - Kerberos service started. Kerberos service started.


In addition to acting as a KDC, WSO2 IS supports adding service principals through the UI. To do this, log in to the management console and go to Configure -> Kerberos KDC -> Service Principals. The "Add new service principals" option is now enabled, and you can add service principals through it, as shown in the following image.








