Forum Discussion
Kevin_Stewart
Mar 06, 2014Employee
Two things:
-
The session.ssl.cert.subject is rarely ever just username@domain.com, but usually a full DN string. Are you parsing the username out of the subject?
-
You need to split the username@domain.com into two values (at the "@"): the username source for Kerberos SSO should just be the username, and the realm source should either be the cert realm or a statically assigned realm.