User guide
Kerberos services. The Kerberos keys permit the BlackBerry Administration Service to verify the Kerberos service tickets
that browsers send during single sign-on.
Browsers that support Integrated Windows authentication can obtain the Kerberos service ticket automatically for the
BlackBerry Administration Service when administrators or users browse to the BlackBerry Administration Service console
or BlackBerry Web Desktop Manager.
The Kerberos service that the BlackBerry Administration Service web server hosts uses its Kerberos keys to verify the
Kerberos service tickets that browsers send when they request access to the BlackBerry Administration Service console or
BlackBerry Web Desktop Manager. If the Kerberos service tickets are valid, the BlackBerry Administration Service web
server delegates the request to the BlackBerry Administration Service application server.
To delegate the request, the BlackBerry Administration Service web server creates a service ticket using its identity for the
Kerberos service that the BlackBerry Administration Service application server hosts. When the Kerberos service that the
BlackBerry Administration Service application server hosts verifies the service ticket, the BlackBerry Administration
Service completes the Kerberos authentication process for the administrators or users and the administrators or users can
view the BlackBerry Administration Service console home page or BlackBerry Web Desktop Manager home page.
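Added example, not part of the BlackBerry documentation: a Python check that reports whether the Authorization: Negotiate value a browser sends during this exchange announces Kerberos, or NTLM, which contains no Kerberos service ticket for the web server to verify. The function names and the sample_header builder are assumptions made for illustration, and the sample tokens are constructed with placeholder bytes rather than captured tickets.

```python
import base64

# DER-encoded mechanism OIDs (tag + length + value) that identify the token type.
SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
KRB5 = (bytes.fromhex("06092a864886f712010202"),     # 1.2.840.113554.1.2.2
        bytes.fromhex("06092a864882f712010202"))     # 1.2.840.48018.1.2.2 (Microsoft form)
NTLM = bytes.fromhex("060a2b06010401823702020a")     # 1.3.6.1.4.1.311.2.2.10

def _skip_header(buf, i, tag):
    """Check the DER tag at buf[i] and return the index of the value that follows."""
    if buf[i] != tag:
        raise ValueError("unexpected tag")
    first = buf[i + 1]
    return i + 2 + ((first & 0x7F) if first >= 0x80 else 0)

def classify_negotiate(header_value):
    """Return 'kerberos', 'ntlm', 'unknown-mechanism', 'malformed' or 'not-negotiate'."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
        if tok.startswith(b"NTLMSSP\x00"):
            return "ntlm"                     # raw NTLM message, no service ticket inside
        i = _skip_header(tok, 0, 0x60)        # GSS-API initial context token
        if tok.startswith(KRB5, i):
            return "kerberos"                 # Kerberos AP-REQ without SPNEGO wrapping
        if not tok.startswith(SPNEGO, i):
            return "unknown-mechanism"
        i += len(SPNEGO)
        for tag in (0xA0, 0x30, 0xA0, 0x30):  # NegTokenInit, SEQUENCE, mechTypes, OID list
            i = _skip_header(tok, i, tag)
    except (ValueError, IndexError):
        return "malformed"
    # The first mechTypes entry is the preferred mechanism; the mechToken belongs to it.
    if tok.startswith(KRB5, i):
        return "kerberos"
    return "ntlm" if tok.startswith(NTLM, i) else "unknown-mechanism"

def _tlv(tag, content):
    """Encode one DER element (constructed samples here stay under 256 bytes)."""
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

def sample_header(*mech_oids):
    """Constructed SPNEGO header; the mechToken is 100 placeholder bytes, not a ticket."""
    mech_list = _tlv(0xA0, _tlv(0x30, b"".join(mech_oids)))
    mech_token = _tlv(0xA2, _tlv(0x04, bytes(100)))
    init = _tlv(0xA0, _tlv(0x30, mech_list + mech_token))
    return "Negotiate " + base64.b64encode(_tlv(0x60, SPNEGO + init)).decode()
```

The result reflects only the mechanism the token announces; validating the ticket itself still requires the service's Kerberos keys.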
Data flow: Accessing the BlackBerry Administration Service console and BlackBerry Web Desktop Manager when you configure BlackBerry Administration Service single sign-on
1. An administrator or a BlackBerry Web Desktop Manager user uses a browser to navigate to the BlackBerry
Administration Service web page (https://<BAS_pool_FQDN>/webconsole/login) or BlackBerry Web Desktop Manager
web page (https://<BAS_pool_FQDN>/webdesktop/login).
2. The BlackBerry Administration Service web server sends an HTTP Negotiate request to the browser to start
single sign-on authentication.
For more information about the HTTP Negotiate request, see http://msdn.microsoft.com/en-us/library/ms995330.aspx.
Security Technical Overview Protecting communications in your organization's environment