A logical link needs to be created between Active Directory and the firewall in order for SSO (SPNEGO) to be used. This link is created in three steps:
- Creation of a specific user account in Active Directory.
- Creation of a logical link between this user account and the SSO service in Active Directory using a script (spnego.bat: available in the Mystormshield client area).
- Transferring a file produced from this association to the firewall via the administration interface in order to enable SPNEGO. Handle this file with care, as it contains a password (also called a “key”). Even though it is encrypted, it is still considered sensitive.
The configuration parameters of each component of the architecture need to be modified in order to set up SPNEGO features:
- The domain controller,
- The firewall,
- Client workstations (especially the web browser).
An appliance that does not appear in the diagrams also plays an important role – the DNS server.