Expand my Community achievements bar.

SOLVED

Does Adobe Experience Manager Forms supports AES-256 encryption using SPNEGO?

Avatar

Level 2
Level 2
7/11/22 8:48:11 AM

My network is migrating form RC4 Kerberos Encryption to AES-256 Kerberos Encryption.  I need to to know if AEM Forms SPNEGO SSO support AES-256, and if there are any additional SPNEGO SSO configuration using AES-256 Encryption.  Thank you.

Views

414

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
7/14/22 12:59:06 AM
In response to Pulkit_Jain_

@coldwarsoldier

Based on an internal discussion, AEM Forms SPNEGO SSO supports AES-256, and this switch shouldn't cause any issues.

Based on [0], I can see that type 18 is aes256-cts-hmac-sha1-96 so this encryption needs to be updated in the Kerberos config file otherwise these configurations will remain the same[1].

In case of any issues, enable the Debug logs on server, set the parameters -Djcsi.kerberos.debug=true, -Didm.spnego.debug=true and share the logs.

 

[0] - https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml 

[1] - https://experienceleague.adobe.com/docs/experience-manager-64/forms/administrator-help/configure-use... 

View solution in original post

Views

387

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Employee Advisor
Employee Advisor
7/12/22 9:58:36 PM

@coldwarsoldier 

After checking internally, I will get back to you, but the change would be required in the Kerberos config/ini file to use AES-256 encryption before enabling the known configuration[0].

 

[0] - https://experienceleague.adobe.com/docs/experience-manager-64/forms/administrator-help/configure-use... 

Views

396

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee Advisor
Employee Advisor
7/14/22 12:59:06 AM
In response to Pulkit_Jain_

@coldwarsoldier

Based on an internal discussion, AEM Forms SPNEGO SSO supports AES-256, and this switch shouldn't cause any issues.

Based on [0], I can see that type 18 is aes256-cts-hmac-sha1-96 so this encryption needs to be updated in the Kerberos config file otherwise these configurations will remain the same[1].

In case of any issues, enable the Debug logs on server, set the parameters -Djcsi.kerberos.debug=true, -Didm.spnego.debug=true and share the logs.

 

[0] - https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml 

[1] - https://experienceleague.adobe.com/docs/experience-manager-64/forms/administrator-help/configure-use... 

Views

388

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
AEMaaCS - Core forms component Date input issues

Views

7

Likes

0

Replies

0
AEMaaCS - id attribute on core form components

Views

10

Likes

0

Replies

0
What are the requirements to get an adaptative form fully published in a publish instance? (NOT LOCAL ENVIRONMENT)

Views

46

Likes

0

Replies

2
Internal Server Error on AEM forms. com.adobe.aemds.guide.internal.impl.taglibs.GuideContainerLayoutHTML Some Problem While Posting to rest End Point

Views

16

Likes

0

Replies

0
Value Field is not present in the core dropdown list component OOTB for AEM Adaptative Forms, not able to send the value. Any help?

Views

46

Likes

0

Replies

0