Hi Patrik,
In CP4BA, authentication is handled by the Cloud Pak Foundational Services Identity Management (IM) component. This only supports integrations with LDAP, SAML, and OIDC. Kerberos is not supported.
Since you are using Keycloak, you should be able to integrate Kerberos SSO with Keycloak. I found this link, which might be helpful:
https://medium.com/@rishabhsvats/red-hat-single-sign-on-integration-with-kerberos-user-federation-f9c9e757ace
Once you have Keycloak working with Kerberos, you should be able to integrate Keycloak with IM via SAML for authentication. I don't believe IM supports Keycloak for SCIM yet. So you will need to ensure the sc_skip_ldap_config parameter is set to false in your CP4BA Custom Resource (CR) to allow FileNet authorization to use an LDAP connection to your MS Active Directory for authorization as described in https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=scp-shared-configuration
------------------------------
ROGER Bacalzo
------------------------------
Original Message:
Sent: Wed September 04, 2024 06:45 AM
From: Patrik Vinčur
Subject: Integration of FileNet on CP4BA with MS AD for SSO using Kerberos
Hello everyone,
I am currently running IBM FileNet on Cloud Pak for Business Automation (CP4BA) within an OpenShift private cloud environment. In this setup, I also have Keycloak deployed for identity and access management. Additionally, my organization uses a Windows Server with Active Directory (AD) for user authentication.
I would like to configure the system so that users can log in to their Windows domain accounts and then access FileNet components, such as IBM Content Navigator, without needing to re-authenticate. Essentially, I am looking to implement Single Sign-On (SSO) using Kerberos.
Could anyone provide guidance on how to achieve this integration? Specifically, I am interested in how to configure FileNet on CP4BA to authenticate users through AD and enable SSO via Kerberos.
Thank you in advance for your help!
------------------------------
Patrik Vinčur
------------------------------