Under the advice that an ARIS tenant is defined as:
“A “tenant” is a client organization sharing utilization of a single software
instance on a server with other tenants having dedicated separated ant data and
utilizing the provided standard or limited customized virtual application
instance. A multi-tenant system is a software architecture where a single
instance of the Software runs on a server serving multiple client organizations
and/or multiple departmental organizations within one client (tenants). With a
multi-tenant architecture, the software application is designed virtually to
partition its data and configuration and each client organization works with a
standard or very limited customized virtual application instance. A
single-tenant system is a software architecture where the tenant is provided with a
single and dedicated instance of the Software with full configurability of the
Software, own database, enhanced security and an individual or segregated
virtual server installation (with security controls).”
DHS have tried to enable SSO via Kerberos (see Support Incident: 5368801
Kerberos SSO stops working after login in other tenant). Is there a way to
enable multiple tenants (e.g. Default, New tenant) to have SSO working while
talking to 2 Active Directory realms, e.g. different KDC, Realm?
Is there a patch/fix/version upgrade that would enable it to work?
Here is the text from their support incident:
DHS have configured Kerberos SSO on 2 tenants (default and
.
They use a different KDC, Realm, Principal, key table and configuration file.
We are able to login SSO to the default tenant after an ACC startall. e.g.
http://:8080/umc/?tenant=default
However, after logging into the other tenant (e.g. newTenant, eg
http://:8080/umc/?tenant= ), the Kerberos SSO
stops working on the default tenant.
Please find attached partial log from
ARIS\server\bin\work\work_umcadmin_l\base\logs\umc.txt with Kerberos debug
ticked.
1. User logs into default tenant UMC via SSO - works
2. User opens the url, Kerberos gives an error as the user is
not in newTenant.
3. User logs into the as system user -works
4. Log out of
5. User tries to log into the default tenant umc via SSO - fails
6. User tries to log into the default tenant umc via username and password -
works
Resolution - Solution Provided
Type: Configuration
Brainstorm ID | 7165 |
Created on Brainstorm | 07/18/2019 05:22 PM |