Skip to main content
Skip table of contents

Single Sign On with Kerberos

When an Active Directory authentication service has been configured , it is possible to enable single sign on for Windows users of SuperCROSS and the SuperADMIN console. This works by using Kerberos to automatically log in to SuperSTAR using credentials retrieved from the user's Windows login. A user logged in to a Windows workstation with his or her domain account can login to SuperADMIN console and SuperCROSS without re-entering any credentials.

Single Sign On with Kerberos is only supported when SuperADMIN is running on Windows.

Enable Kerberos in SuperADMIN

First, you must enable Kerberos in SuperADMIN using the following command (replace <service_name> with the name of the authentication service):

CODE
auth <service_name> useKerberos true

Once Kerberos is enabled in SuperADMIN server, the console will automatically start using it. In order to perform a Kerberos login using your Windows credentials, simply use the login command without any arguments:

CODE
login

If Kerberos is working you will be immediately logged in and see a message like:

CODE
user <your-windows-username> logged in

If Kerberos is not working, you will be prompted to enter a username and password.

To login as a different user when Kerberos is enabled, you must specify the alternative username and password with the login command:

CODE
login <other-user> <other-user-password>

The SuperADMIN  console will automatically attempt Kerberos authentication when it is enabled on the server. However, by default, it will attempt the standard SuperADMIN authentication first, requiring a username and password to be entered before proceeding to try Kerberos.

To give preference to Kerberos authentication, increase the priority of the Kerberos-enabled authentication service. For example:

CODE
auth <service_name> priority 200

Enable Kerberos in SuperCROSS

You must also enable support for Kerberos in SuperCROSS by editing the file C:\ProgramData\STR\SuperCROSS\Catalogue\ssii.ini

Make a backup copy of this file before making any changes.

  1. Close SuperCROSS if it is running
  2. Open ssii.ini in a text editor.
  3. Add the following lines to the end of the file:

    CODE
    [SingleSignOn]
    SSODLL=SSPI_Kerberos.dll
  4. Save the file and restart SuperCROSS.

  5. Select File > SuperADMIN Connection.



    The SuperSTAR II SuperADMIN Connection dialog displays.

  6. Select the Automatic sign-on using Windows credentials (Kerberos) check box:

  7. Click OK.

You can now connect to databases as usual without needing to provide any credentials.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.