Setting an SPN attribute
There are two possible ways to set the Service Principal Name (SPN) attribute:
Automatic variants
The AD user that is used to start the MasterService has write and read access in Active Directory. octoplant sets the attribute itself if you have sufficient authorization.
Manual variants
The domain administrator assigns the attribute SPN in the Active Directory to the user under which the MasterService is to be started. Point it to the following SPN format: HTTP/<octoplant Servername>.<FQDN>.
Proceed as follows
- Open the ADSI editor on the domain controller: Control Panel -> System and Security -> Management -> ADSI editor.
- Establish the connection to the server Domain.
- Search for the service user and then right-click on Properties.
- In the Attribute editor, search for the entry servicePrincipalName and then click on Edit.
-
Store the SPN for every server.
Format: HTTP/<octoplant Servername>.<FQDN>
- Restart the services.
-
SSO will now work.