Manualshelf

User guide

ManualsBrandsBlackberry ManualsComputer equipmentENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL
101102103104105106107108109110
3. The browser retrieves the TGT of the administrator or user from the ticket cache on the computer that the administrator
or user is using.
The browser uses the TGT to request the service ticket for the BlackBerry Administration Service web server (which is
named HTTP/<BAS_pool_FQDN>) from the domain controller.
4. The domain controller provides the browser with the service ticket for the BlackBerry Administration Service web
server.
5. The browser sends the service ticket to the BlackBerry Administration Service web server in response to the HTTP-
Negotiate request.
6. The BlackBerry Administration Service web server performs the following actions:
It validates the service ticket using the Kerberos key that it received from the domain controller when the
BlackBerry Administration Service services started.
It requests a service ticket for the BlackBerry Administration Service application server (which is named
BASPLUGIN111/<BAS_pool_FQDN>) on behalf of the user.
7. The domain controller provides the BlackBerry Administration Service web server with the service ticket for the
BlackBerry Administration Service application server.
8. The BlackBerry Administration Service web server sends the service ticket to the BlackBerry Administration Service
application server.
9. The BlackBerry Administration Service application server performs the following actions:
It validates the service ticket using the Kerberos key that it received from the domain controller when the
BlackBerry Administration Service services started. If the service ticket is valid, the administrator or user is
authenticated successfully with the
BlackBerry Administration Service using Kerberos.
It checks if the administrator or user is a BlackBerry device user or a BlackBerry Administration Service
administrator.
It checks the role of the administrator or user and assigns the administrator or user the permissions that are
associated with the role.
It sends a security session to the BlackBerry Administration Service web server for the administrator or user.
10. The BlackBerry Administration Service web server redirects the administrator or user to the BlackBerry Administration
Service console home page or BlackBerry Web Desktop Manager home page.
Security Technical Overview Protecting communications in your organization's environment
101