Kerberos authentication between multiple domains may fail on LiveCycle Rights Management ES 8.2.1



Similar documents
Specops Command. Installation Guide

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Windows Clients and GoPrint Print Queues

How to Copy A SQL Database SQL Server Express (Making a History Company)

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

MY HELPDESK - END-USER CONSOLE...

RoomWizard Synchronization Software Manual Installation Instructions

OSF INTEGRATOR for. Integration Guide

Managing User Accounts

Installation Logon Recording Basis. By AD Logon Name AD Logon Name(recommended) By Windows Logon Name IP Address

Information & Communication Technologies FTP and GroupWise Archives Wilfrid Laurier University

Configure Single Sign on Between Domino and WPS

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

How To Encrypt A Traveltrax Report On Gpg On A Pc Or Mac Or Mac (For A Free Download) On A Thumbdrive Or Ipad Or Ipa (For Free) On Pc Or Ipo (For An Ipo)

Server Installation Manual 4.4.1

ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000

Basic Exchange Setup Guide

Installing GFI MailArchiver

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Here, we will discuss step-by-step procedure for enabling LDAP Authentication.

Configuring IBM Cognos Controller 8 to use Single Sign- On

Managing User Accounts

Montefiore Portal Quick Reference Guide

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

NovaBACKUP xsp Version 15.0 Upgrade Guide

Microsoft IAS Configuration for RADIUS Authorization

White Paper. Fabasoft Folio Thin Client Support. Fabasoft Folio 2015 Update Rollup 2

How to Use Remote Access Using Internet Explorer

Adobe Connect LMS Integration for Blackboard Learn 9

Device Log Export ENGLISH

LDAP Server Configuration Example

Installation Guide. (You can get these files from

Basic Exchange Setup Guide

Getting Started with Tableau Server 6.1

Installation Guide. Before We Begin: Please verify your practice management system is compatible with Dental Collect Enterprise.

Wireless Guest Server User Provisioning Instructions

ibaan ERP 5.2a Configuration Guide for ibaan ERP Windows Client

How to Implement Two-Way SSL Authentication in a Web Service

Installing Logos SSL Certificates on Mobile Devices

Mapping ITS s File Server Folder to Mosaic Windows to Publish a Website

WatchDox for Windows. User Guide. Version 3.9.5

PORTAL ADMINISTRATION

Sametime Gateway Version 9. Deploying DMZ Secure Proxy Server

BusinessObjects Enterprise XI Release 2

SAS 9.3 Foundation for Microsoft Windows

Connecting to Remote Desktop Windows Users

Managing User and Computer Accounts

Configuring a Custom Load Evaluator Use the XenApp1 virtual machine, logged on as the XenApp\administrator user for this task.

Using LDAP Authentication in a PowerCenter Domain

How to integrate RSA ACE Server SecurID Authentication with Juniper Networks Secure Access SSL VPN (SA) with Single Node or Cluster (A/A or A/P)

Secrets of Event Viewer for Active Directory Security Auditing Lepide Software

PingFederate. IWA Integration Kit. User Guide. Version 3.0

Setting Up Scan to SMB on TaskALFA series MFP s.

Installation and Configuration Guide

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

How to Join QNAP NAS to Microsoft Active Directory (AD)

Configuring Secure Socket Layer (SSL) for use with BPM 7.5.x

App Orchestration 2.5

Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions

Windows 7 Hula POS Server Installation Guide

Using Internet or Windows Explorer to Upload Your Site

How to Configure Microsoft System Operation Manager to Monitor Active Directory, Group Policy and Exchange Changes Using NetWrix Active Directory

Using. Microsoft Virtual PC. Page 1

WatchDox for Windows User Guide. Version 3.9.0

Using ADOBE LIVECYCLE ES4 Connector for MICROSOFT SHAREPOINT

How-to: Single Sign-On

Configuring MailArchiva with Insight Server

CA Nimsoft Service Desk

ThinManager and Active Directory

Lab A: Deploying and Managing Software by Using Group Policy Answer Key

Fairfield University Using Xythos for File Sharing

How To Install Ctera Agent On A Pc Or Macbook With Acedo (Windows) On A Macbook Or Macintosh (Windows Xp) On An Ubuntu (Windows 7) On Pc Or Ipad

Configuring Single Sign-On for Application Launch in OpenManage Essentials

CafePilot has 3 components: the Client, Server and Service Request Monitor (or SRM for short).

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

IBM WebSphere Application Server V8.5 lab Basic Liberty profile administration using the job manager

How To - Implement Single Sign On Authentication with Active Directory

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

Security Provider Integration Kerberos Authentication

Knowledge Base Article: Article 218 Revision 2 How to connect BAI to a Remote SQL Server Database?

Upgrade Guide BES12. Version 12.1


HWS Virtual Private Network Configuration and Setup Mac OS X 12/19/2006

Configuring User Identification via Active Directory

Install SQL Server 2014 Express Edition

App Orchestration 2.0

Microsoft Dynamics GP Release

How To Export Data From Exchange To A Mailbox On A Pc Or Macintosh (For Free) With A Gpl Or Ipa (For A Free) Or Ipo (For Cheap) With An Outlook 2003 Or Outlook 2007 (For An Ub

Browser-based Support Console

Novell Filr. Windows Client

Computer Science and Engineering MacOS Cisco VPN Client Installation and Setup Guide

Security Provider Integration RADIUS Server

IIS, FTP Server and Windows

uh6 efolder BDR Guide for Veeam Page 1 of 36

bbc Installing Your Development Environment Adobe LiveCycle ES July 2007 Version 8.0

Transcription:

Kerberos authentication between multiple domains may fail on LiveCycle Rights Management ES 8.2.1 Issue Resolution There is an issue in LiveCycle Rights Management ES, version 8.2.1, where Active Directory users who do not belong to the same domain as the LiveCycle ES server cannot log in using Kerberos authentication. The authentication screen appears when the certificate is passed to Acrobat. This behavior is incorrect. This issue occurs under the following conditions: Your LiveCycle ES 8.2.1 environment has two Active Directory domains in a trust relationship with each other. The domains are synchronized into two separate User Management domains. Kerberos-based authentication is enabled on both domains. To resolve this issue, you must apply the LiveCycle ES Quick Fix 0.17, export the config.xml file from LiveCycle Administration Console, make the modifications described below and then reimport the config.xml file. There are two main tasks required to modify the config.xml file: For each domain in your configuration, you will add a node in its AuthConfigs node that contains the Kerberos configuration of the other domains. In the [LiveCycleES_domain]\AuthProviders\Kerberos node, you will add the locations of the new nodes to the : (colon) separated list in the configinstance property. Note: For Active Directory 2003 users, the username entered as the Service User for the Kerberos authorization must be set on the server providing the Kerberos authorization. Do this by typing the following at a command prompt: setspn -A <LC_server_name>/<LC_server_name> <username> You must run this command for the Service User on each Active Directory 2003 server. 1. Apply the LiveCycle ES Quick Fix 0.17 available from Adobe Support by following the instructions provided. 2. Once you have successfully applied the quick fix, open a web browser, navigate to http://[host name]:[port]/adminui and log in. 3. Navigate to Settings > User Management > Configuration > Import and export configuration files. 4. Click Export to download a copy of the config.xml file. 5. Open the config.xml file in an editor. 6. For each domain, add a node under AuthConfigs containing the Kerberos configuration of the other domains. See code example below. 1

Administering LiveCycle ES Resolution 2 7. Locate the UM\AuthProviders\Kerberos node and add the locations of the new nodes in the value of the configinstance property. The values must be separated by colons. Note: You must enter the password for the authorized Service User of each new node added. For security reasons, existing password values are left blank in the exported config.xml file but the values will be required for the new nodes when you import the file. 8. Save and close the config.xml file. 9. In LiveCycle Administration Console, return to Settings > User Management > Configuration > Import and export configuration files. 10. On the Manual Configuration screen, ensure that User Management is selected as the configuration to import. 11. In the Select a configuration file to import box, enter the full path and file name of the edited config.xml or click Browse to navigate to it. 12. Click Import to continue. A message will appear on the screen indicating that the file was successfully imported. 13. Click OK to confirm the updated settings. Example For this example, there are two domains with Kerberos enabled: server1 and server2. The unedited values in the newly exported config.xml file would resemble the following (examples of the modified values follow): 1. <node name= UM > <node name= AuthProviders > <node name= Kerberos >... <entry key= configinstance value=/adobe/livecycle/config/um/domains/server1/authconfigs/server1_ kerberos:/adobe/livecycle/config/um/domains/server2/authconfigs/serve r2_kerberos

Administering LiveCycle ES Resolution 3 2. <node name= UM > <node name= server1 > <node name="server1_kerberos"> 3. <node name= UM > <node name= server2 > <node name="server2_kerberos">

Administering LiveCycle ES Resolution 4 The following examples show the values after the Kerberos settings have been copied for each domain into a new node in the AuthConfigs node: 1. <node name= UM > <node name= AuthProviders > <node name= Kerberos >... <entry key= configinstance value=/adobe/livecycle/config/um/domains/server1/authconfigs/server1_ kerberos:/adobe/livecycle/config/um/domains/server1/authconfigs/serve r1_kerberos02:/adobe/livecycle/config/um/domains/server2/authconfigs/ server2_kerberos:/adobe/livecycle/config/um/domains/server2/authconfi gs/server2_kerberos02 2. <node name= UM > <node name= server1 > <node name="server1_kerberos"> <node name="server1_kerberos02">

Administering LiveCycle ES Resolution 5 3. <node name= UM > <node name= server2 > <node name="server2_kerberos"> <node name="server2_kerberos02">

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information