Connector for Microsoft Exchange - Authentication - Kerberos

MediaGateway must be installed in order to use the connector for Microsoft Exchange. A guide is available here.

Kerberos authentication for the Microsoft Exchange connector can be set in the configuration of the data source in the "Integration" module. You can find out how to create a new data source here.

In the configuration of the data source, you will find the setting "Kerberos (only with integrated authentication)" under "Authentication".

Kerberos will determine the login information according to the current Windows user and will log in automatically log. Please note the following basic requirements for successful authentication with Kerberos:

  • The Intrexx portal needs to operate with integrated authentication.

  • The users in your Active Directory must be correspondingly entered to Intrexx. Users can also be imported with ease. Please ensure that at least one user is contained in the Administrators group, so that you can continue to administrate the system.

  • The server on which the MediaGateway is installed requires the group permission "Delegation".

  • All clients and servers must be members of the same domain.

  • In Internet Explorer, the security settings for the zone to be used during user authentication must be set to "Automatic login with current user name and password". Additionally, the option for "Enable Integrated Windows authentication" must be selected in the advanced settings.

  • With Kerberos authentication, you have true single sign on for your users' access to the Exchange server and use the integrated Windows authentication.

If a user cannot be authenticated, session-based login is automatically activated.

Service Principal Name

For successful authentication, the entry of a so-called Service Principal Name (SPN) is required. The SPN contains the information about the service for whom a Kerberos ticket should be created. This ticket will be required for the MediaGateway server. The dialog will suggest a SPN to you, but in practice, it may need to be adjusted, depending on your system environment.

The SPN will usually be made up of the following components: host/<Computer DNS Name>@<KERBEROS_REALM> Computer DNS name: fully qualified host name (such as mycomputer.mycompany.com) KERBEROS_REALM: as a rule, the domain in capitals (like MYCOMPANY.COM) The SPN would, therefore, read as follows with the sample data: host/mycomputer.mycompany.com@MYCOMPANY.COM

The description of all further steps in a Microsoft Exchange data source configuration can be found here. Please also note the information under"Access data for the Exchange server".