Our Teamcenter enviroments are:
Applet Free SSO is working well for our production, now I'm working on the Kerberos zero sign-on solution.
After setup per the TC documentation, the web client is working well without any prompts. But RAC 4 tier client always get the password window, the zero sign-on only works when we set the registry key AllowTGTSessionKey to 1, as suggested in a live session with Siemens PDs for the IR I raised to GTAC.
I also tested with JRE1.8.121, still have to set the registry key.
I can't find this registry key in any GTAC links or any discussions in this forum.
Does anyone have any ideas of it? Is the registry key a MUST for the Kerberos zero sign on?
I setup the applet free SSO based on this GTAC document https://solutions.industrysoftware.automation.siemens.com/docs/newsletter/tc-applet-freesso-without-... and the official help document "Security Services Installation/Customization".
Thanks for your reply.
I have read this article before and tested that as the local administrator, even you set this registy key, you will still get the password window because you can't get the session key for the tickets as stated in that article.
But in my case, it's a normal user, not a local admin.
I found one PR, #7960454, on the GTAC solutions site that was entered yesterday, and it says it's under investigation. I guess we'll have to wait to see what the result is.
Yes, I'm discussing it with a Siemens SME who helped covert my IR to a security PR.
And I was told some customers who're running Kerberos SSO didn't encounter this issue ever.
So I posted here and want to know if anyone of you got the same issue.