1. Configure the Active Directory user store if the existing Active Directory user store's search context does not contain the computers DN.
   a. Click Devices > Identity Servers > Edit > Local > User Stores > New.
   b. Specify the user store's IP address, credentials, and replica details, and add the search context where the domain-joined computers exist. For example, CN=computers, DC=cloudtest, DC=info.
   For more information about configuring a user store, see Configuring Identity User Stores.
2. Create a Kerberos class. See Creating the Authentication Class, Method, and Contract.
3. Create a Kerberos method for the existing Kerberos class.
   a. Click Devices > Identity Servers > Edit > Local > Methods > New.
   b. Specify a name, select the Kerberos class, and then select the user store created in Step 1.
   c. Click OK.
4. Configure WS-Trust STS.
   a. Click Devices > Identity Servers > Edit > WS-Trust > STS Configuration.
   b. Under Authentication Methods, move the Kerberos method created in Step 3 from Available Authentication Methods to Selected Authentication Methods.
   c. Click OK.
5. Edit the Identity Server's web.xml.
   For information about how to edit a file, see Modifying Configurations.
   Add the NetIQSTS12MEX servlet with the following details:
<servlet>
    <servlet-name>NetIQSTS12MEX</servlet-name>
    <jsp-file>/jsp/mex.jsp</jsp-file>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>NetIQSTS12MEX</servlet-name>
    <url-pattern>/wstrust/sts/mex</url-pattern>
</servlet-mapping>
NOTE: Ensure that you comment out the following servlet mapping:
<!--
<servlet-mapping>
    <servlet-name>NetIQSTS</servlet-name>
    <url-pattern>/wstrust/sts/mex</url-pattern>
</servlet-mapping>
-->
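A way to confirm the web.xml edit before restarting the Identity Server, as an added example that is not part of the product documentation: it parses the file text and reports whether /wstrust/sts/mex is served only by NetIQSTS12MEX. The function name check_mex_config, the sample fragments, and the namespace URI are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MEX_SERVLET, MEX_JSP, MEX_URL = "NetIQSTS12MEX", "/jsp/mex.jsp", "/wstrust/sts/mex"

def _local(tag):
    """Drop the XML namespace prefix that web.xml usually carries."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def check_mex_config(web_xml_text):
    """Return a list of problems; an empty list means the edit is in place."""
    root = ET.fromstring(web_xml_text)  # commented-out XML is not parsed
    problems = []
    servlets = [e for e in root if _local(e.tag) == "servlet"
                and _child_text(e, "servlet-name") == MEX_SERVLET]
    if len(servlets) != 1:
        problems.append(f"expected one {MEX_SERVLET} servlet, found {len(servlets)}")
    elif _child_text(servlets[0], "jsp-file") != MEX_JSP:
        problems.append(f"{MEX_SERVLET} does not point to {MEX_JSP}")
    # Every active mapping that claims the MEX URL, in document order.
    owners = [_child_text(m, "servlet-name") for m in root
              if _local(m.tag) == "servlet-mapping"
              and MEX_URL in [(c.text or "").strip() for c in m
                              if _local(c.tag) == "url-pattern"]]
    if owners != [MEX_SERVLET]:
        problems.append(f"{MEX_URL} is mapped to {owners}, expected only {MEX_SERVLET}")
    return problems

# Constructed sample input (not a real Identity Server web.xml).
_NS = "http://xmlns.jcp.org/xml/ns/javaee"  # assumed namespace
_NEW = ("<servlet><servlet-name>NetIQSTS12MEX</servlet-name>"
        "<jsp-file>/jsp/mex.jsp</jsp-file><load-on-startup>1</load-on-startup></servlet>"
        "<servlet-mapping><servlet-name>NetIQSTS12MEX</servlet-name>"
        "<url-pattern>/wstrust/sts/mex</url-pattern></servlet-mapping>")
_OLD = ("<servlet-mapping><servlet-name>NetIQSTS</servlet-name>"
        "<url-pattern>/wstrust/sts/mex</url-pattern></servlet-mapping>")
SAMPLE_EDITED = f'<web-app xmlns="{_NS}">{_NEW}<!-- {_OLD} --></web-app>'
SAMPLE_STALE = f'<web-app xmlns="{_NS}">{_NEW}{_OLD}</web-app>'   # old mapping left active
SAMPLE_MISSING = f'<web-app xmlns="{_NS}">{_OLD}</web-app>'       # servlet never added

if __name__ == "__main__":
    for label, text in [("edited", SAMPLE_EDITED), ("stale", SAMPLE_STALE),
                        ("missing", SAMPLE_MISSING)]:
        print(label, check_mex_config(text) or "OK")
```

To check a real deployment, pass the contents of the Identity Server's web.xml to check_mex_config and treat any returned message as a reason not to restart yet.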