Does Adobe Experience Manager Forms supports AES-256 encryption using SPNEGO?

Question

My network is migrating form RC4 Kerberos Encryption to AES-256 Kerberos Encryption.  I need to to know if AEM Forms SPNEGO SSO support AES-256, and if there are any additional SPNEGO SSO configuration using AES-256 Encryption.  Thank you.

Pulkit_Jain_ · Accepted Answer

@coldwarsoldierBased on an internal discussion, AEM Forms SPNEGO SSO supports AES-256, and this switch shouldn't cause any issues.Based on [0], I can see that type 18 is aes256-cts-hmac-sha1-96 so this encryption needs to be updated in the Kerberos config file otherwise these configurations will remain the same[1].In case of any issues, enable the Debug logs on server, set the parameters -Djcsi.kerberos.debug=true, -Didm.spnego.debug=true and share the logs. [0] - https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml [1] - https://experienceleague.adobe.com/docs/experience-manager-64/forms/administrator-help/configure-user-management/enabling-single-sign-on-aem.html?lang=en#enable-sso-using-spnego

Pulkit_Jain_ · Answer

@coldwarsoldier

After checking internally, I will get back to you, but the change would be required in the Kerberos config/ini file to use AES-256 encryption before enabling the known configuration[0].

[0] - https://experienceleague.adobe.com/docs/experience-manager-64/forms/administrator-help/configure-user-management/enabling-single-sign-on-aem.html?lang=en#enable-sso-using-spnego

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded