
How does FileMaker Server v13 Web Publishing use Kerberos (SSO) and Open Directory?

Question asked by drowland@una.ab.ca on Dec 11, 2015
Latest reply on Jan 19, 2016 by TSGal

FileMaker Server 13.0.9.905

OS X 10.10.5 (Server) and OS X 10.10 - 10.11 (Clients)

Description: Our Open Directory server is seeing requests for Kerberos service tickets when users log into FileMaker.

FileMaker Server is using External Authentication and is anonymously bound to Open Directory.

When web users are logging in, we're seeing requests for Kerberos (SSO) service tickets from the FileMaker Server to the Open Directory Server. This does not occur when FM Client users log in.

 

12/11/2015 9:22:33.779 AM kdc[92]: TGS-REQ webUsername@openDirectoryServer.UNA.AB.CA from filemakerServer:64833 for host/fileMakerServer.una.ab.ca@openDirectoryServer.UNA.AB.CA [forwardable]

 

TGS-REQ = request from the client for service granting ticket (service presumably the web service not filemaker)

host/fileMakerServer.una.ab.ca@openDirectoryServer.UNA.AB.CA = this is the service ticket the client is asking for

 

We are under the assumption that Kerberos (SSO) only works between Windows clients and Active Directory; however, this appears to be related to the Web Publishing engine, not client <--> server connections.
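Added example (not part of the original post, and not FileMaker or Apple code): a Python parser for kdc TGS-REQ lines in the layout quoted above, tallying service-ticket requests by requesting host and service principal so an administrator can see which machine is asking for which ticket. The regex assumes the layout of the quoted line; every sample line after the first is constructed for illustration.

```python
import re
from collections import Counter

# Pattern follows the TGS-REQ line quoted in the post (assumed layout).
TGS_RE = re.compile(
    r"kdc\[\d+\]: TGS-REQ (?P<client>\S+) from (?P<src>\S+?):(?P<port>\d+) "
    r"for (?P<service>\S+)(?: \[(?P<flags>[^\]]*)\])?"
)

def split_principal(principal):
    """Split 'primary/instance@REALM' into (primary, instance, realm)."""
    name, sep, realm = principal.rpartition("@")
    if not sep:  # no realm component present
        name, realm = principal, ""
    primary, _, instance = name.partition("/")
    return primary, instance, realm

def parse_tgs_req(line):
    """Return a dict for a TGS-REQ line, or None for any other kdc line."""
    m = TGS_RE.search(line)
    if m is None:
        return None
    primary, instance, realm = split_principal(m["service"])
    return {
        "client": m["client"], "source": m["src"], "port": int(m["port"]),
        "service_type": primary, "service_host": instance, "realm": realm,
        "flags": m["flags"].split(", ") if m["flags"] else [],
    }

def tickets_by_source(lines):
    """Count TGS-REQs per (requesting host, service type, service host)."""
    counts = Counter()
    for rec in filter(None, map(parse_tgs_req, lines)):
        counts[(rec["source"], rec["service_type"], rec["service_host"])] += 1
    return counts

REALM = "openDirectoryServer.UNA.AB.CA"
SAMPLE = [
    # Line quoted in the post
    f"12/11/2015 9:22:33.779 AM kdc[92]: TGS-REQ webUsername@{REALM} from filemakerServer:64833 for host/fileMakerServer.una.ab.ca@{REALM} [forwardable]",
    # Constructed: an AS-REQ, which the parser must ignore
    f"12/11/2015 9:22:33.701 AM kdc[92]: AS-REQ webUsername@{REALM} from filemakerServer:64832 for krbtgt/{REALM}@{REALM}",
    # Constructed: a second web login from the same server, no flags logged
    f"12/11/2015 9:25:10.120 AM kdc[92]: TGS-REQ otherUser@{REALM} from filemakerServer:64901 for host/fileMakerServer.una.ab.ca@{REALM}",
]

if __name__ == "__main__":
    for key, n in tickets_by_source(SAMPLE).items():
        print(n, key)
```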
