Connector for Microsoft Exchange - Authentication - Kerberos

MediaGateway must be installed in order to use the connector for Microsoft Exchange. You can find instructions here.

Kerberos authentication for the Microsoft Exchange connector can be set in the configuration of the data source in the "Integration" module. You can find out how to create a new data source here.

In the configuration of the data source, you will find the setting "Kerberos (only with integrated authentication)" under "Authentication".

Kerberos will determine the login information according to the current Windows user and will log in automatically log. Please note the following basic requirements for successful authentication with Kerberos:

  • The Intrexx portal must be operated with integrated authentication.

  • The users in your Active Directory must be correspondingly entered to Intrexx. You can also easily import users. Please ensure that at least one user is contained in the Administrators group, so that you can continue to administrate the system.

  • The server on which the MediaGateway is installed requires the "Delegation" group policy.

  • All clients and servers must be members of the same domain.

  • In Internet Explorer, "Automatic login with current user name and password" must be set in the security settings of the zone used for user authentication. In addition, the setting "Activate integrated Windows authentication" must be set in the advanced settings.

  • With Kerberos authentication, you have a real Single sign-on for your users' access to the Exchange server and use the integrated Windows authentication.

If a user cannot be authenticated, session-based login is automatically activated.

Service Principal Name

A service principal name (SPN) must be specified for successful authentication. The SPN contains the information about the service for whom a Kerberos ticket should be created. This ticket is required for the MediaGateway server. The dialog will suggest a SPN to you, but in practice, it may need to be adjusted, depending on your system environment.

The SPN is usually structured as follows: host/<computer DNS name>@<KERBEROS_REALM>. Computer DNS name: fully qualified host name (such as mycomputer.mycompany.com) KERBEROS_REALM: as a rule, the domain in capitals (like MYCOMPANY.COM) The SPN would, therefore, read as follows with the sample data: host/mycomputer.mycompany.com@MYCOMPANY.COM

The description of all further steps in a Microsoft Exchange data source configuration can be found here. Please also note the information under"Access data for the Exchange server".