Kerberos Auth for URL monitoring

[psroberts]

Hello, wanted to check if there was any progress/update on this request. Thanks again for all the help.

[ssax]

What I've found on this is that if you are intending to pass the user/password every time then you would need to have the XI server setup for Kerberos and then the plugin would need to create the credentials cache file and then use that credentials cache file to contact the system.

Is your XI server already setup and using Kerberos tickets?

[psroberts]

I don't believe so. Do you know what is required for us to get Kerberos setup on the XI server?

[ssax]

Are you using Microsoft Active Directory Kerberos or do you have a non-Windows Kerberos infrastructure?

[psroberts]

It is non Microsoft AD. The Kerberos authentication is occurring in the cloud in our OKTA SSO instance, then redirects back internally.

[ssax]

Okay, that's a lot different scenario, I'm going to do some searching on this as I don't think we have a plugin that will do that (it's the same thing as ADFS/Cloud Directory Services/etc where it hands it back like you're saying).

[psroberts]

Are there any other plugins that support OKTA/SAML authentication. I believe I've seen this question raised before, but the answer back then was no, which is why we are trying the Kerberos auth method with OKTA. The OKTA admin can only setup either one of Kerberos or SAML but both will direct from our internal network, to the OKTA cloud, then direct back to our internal network.

[ssax]

I'm going to dig into this and see what options you have, we don't currently have an official plugin that can do it but I'll let you know what I find.

[ssax]

I was unable to find a plugin that does OKTA auth/saml auth.