Logging on to the EUQ management console using SSO requires the following:
Procedure
Verify that LDAP1 or LDAP2 servers are enabled and specified as in use for
Active Directory (IP address or domain name or FQDN).
Verify that the DNS server is configured for IMSS contains the record of the Kerberos
service.
Verify that the endpoint operating system supports (and enables) Kerberos
authentication:
Time should be synchronized between IMSS and the Kerberos
authentication service.
Using FireFox: The about:config link is configured
to add the negotiate-auth trusted url list.
Using Internet Explorer: The EUQ management console is added to the
internal site list.
The Windows integrated authentication setting in Internet Explorer is
enabled.
Using Windows Vista or above, use the hostname as the instance when
generating a keytab file.
Verify that only one EUQ management console instance is mapped to one user
account. If the instance is mapped to more than one user, SSO will not
work.
If EUQ is deployed in a parent-child deployment, verify that you are using the
parent device’s 8447 port to access EUQ. SSO will not work if a child’s port is
used.
Verify that the account provided on the LDAP Settings screen has permission to
look up all accounts for authentication.
