Single sign-on by using Kerberos

IBM® Safer Payments allows SSO login by using Kerberos.

Extra setup steps on the IBM Safer Payments server, outside of the IBM Safer Payments configuration, must be completed.

  • Your IBM Safer Payments configuration must be connected to an existing LDAP (or Active Directory) server. After turning on LDAP in Administration > System Configuration, you can select the Allow Single Sign On option.
  • You must create a keytab file on your Kerberos (or Active Directory) server and deploy it to all IBM Safer Payments servers that are used for API access.
  • You must change some system configuration files on the IBM Safer Payments server to point to your Kerberos (or Active Directory) server.
  • Finally, every user must run a setup step on the web browser to allow the browser to pass the users authentication parameters to the server.
  • For more information about the setup process, see Administration > System Configuration > LDAP in the online help.
Note: SSO is not required for operation in accordance to PA-DSS.