My network is migrating form RC4 Kerberos Encryption to AES-256 Kerberos Encryption. I need to to know if AEM Forms SPNEGO SSO support AES-256, and if there are any additional SPNEGO SSO configuration using AES-256 Encryption. Thank you.
Solved! Go to Solution.
Views
Replies
Total Likes
Based on an internal discussion, AEM Forms SPNEGO SSO supports AES-256, and this switch shouldn't cause any issues.
Based on [0], I can see that type 18 is aes256-cts-hmac-sha1-96 so this encryption needs to be updated in the Kerberos config file otherwise these configurations will remain the same[1].
In case of any issues, enable the Debug logs on server, set the parameters -Djcsi.kerberos.debug=true, -Didm.spnego.debug=true and share the logs.
[0] - https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml
After checking internally, I will get back to you, but the change would be required in the Kerberos config/ini file to use AES-256 encryption before enabling the known configuration[0].
Based on an internal discussion, AEM Forms SPNEGO SSO supports AES-256, and this switch shouldn't cause any issues.
Based on [0], I can see that type 18 is aes256-cts-hmac-sha1-96 so this encryption needs to be updated in the Kerberos config file otherwise these configurations will remain the same[1].
In case of any issues, enable the Debug logs on server, set the parameters -Djcsi.kerberos.debug=true, -Didm.spnego.debug=true and share the logs.
[0] - https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml