Configuration of SSO using Kerberos

Safer Payments allows SSO login using Kerberos, which needs additional setup steps on the Safer Payments server, outside of the Safer Payments configuration.

  • Your Safer Payments configuration must be connected to an existing LDAP (or Active Directory) server. After turning on LDAP in Administration, System Configuration you can select the ‘Allow Single Sign On’ option.
  • You must create a keytab file on your Kerberos (or Active Directory) server and deploy it to all Safer Payments servers that are used for API access.
  • You must alter some system configuration files on the Safer Payments server to point to your Kerberos (or Active Directory) server.
  • Finally, every user must run a setup step on the web browser to allow the browser to pass the users authentication parameters to the server.
  • Detailed information on the setup process is available in the Safer Payments online help under Administration, System Configuration, LDAP.
Note: SSO is not required for operation in accordance to PA-DSS.