
Kerberos SSO RAC with registry key AllowTGTSessionKey

Our Teamcenter environments are:

  • TC10.1.2.2
  • .Net server manager
  • IIS
  • TcSS on Tomcat (ISAPI connector configured in IIS for login service)
  • JRE1.7.45

Applet Free SSO is working well for our production; now I'm working on the Kerberos zero sign-on solution.

After setup per the TC documentation, the web client is working well without any prompts. But the RAC 4-tier client always gets the password window; the zero sign-on only works when we set the registry key AllowTGTSessionKey to 1, as suggested in a live session with Siemens PDs for the IR I raised to GTAC.


I also tested with JRE1.8.121 and still have to set the registry key.

I can't find this registry key in any GTAC links or any discussions in this forum.

Does anyone have any ideas about it? Is the registry key a MUST for the Kerberos zero sign-on?

 

 

7 REPLIES

Re: Kerberos SSO RAC with registry key AllowTGTSessionKey

Hello @Kalen,

 

I have been struggling with applet-free SSO configuration for a while with no success.

It would be a great help if you could share your steps/documentation.

Thanks!

Re: Kerberos SSO RAC with registry key AllowTGTSessionKey

Hello @xplm2005,

I set up the applet-free SSO based on this GTAC document https://solutions.industrysoftware.automation.siemens.com/docs/newsletter/tc-applet-freesso-without-... and the official help document "Security Services Installation/Customization".

Re: Kerberos SSO RAC with registry key AllowTGTSessionKey

Hello @ardenb,

Thanks for your reply.

I have read this article before and tested that, as the local administrator, even if you set this registry key, you will still get the password window because you can't get the session key for the tickets, as stated in that article.

But in my case, it's a normal user, not a local admin.

Re: Kerberos SSO RAC with registry key AllowTGTSessionKey

Hello @Kalen

 

Thanks for your response. I have some questions, but they are not related to this post, so I sent you a private message. Thanks!

Re: Kerberos SSO RAC with registry key AllowTGTSessionKey

Kalen,

I found one PR, #7960454, on the GTAC solutions site that was entered yesterday, and it says it's under investigation. I guess we'll have to wait to see what the result is.

Arden Bedell | Teamcenter Wonk | Applied CAx, LLC

Re: Kerberos SSO RAC with registry key AllowTGTSessionKey

Hi Arden,

Yes, I'm discussing it with a Siemens SME who helped convert my IR to a security PR.

And I was told some customers who're running Kerberos SSO didn't ever encounter this issue.

So I posted here and want to know if any of you got the same issue.