Owner's Manual
Figure 3. Multiple Domain Environment Diagram
To set up the Kerberos SSO multiple domain environment, install Power Center, set up SPN for Power Center service,
and configure the Web browser.
Windows NT LAN Manager (NTLM) Authentication Limitation
Power Center supports Kerberos SSO for Windows domain user authentication. To enable this feature, Power Center is
configured to support the Windows integrated authentication option which includes two authentication mechanisms:
Kerberos and NTLM .
NTLM is not supported in Power Center. If the client’s Web browser uses NTLM to authenticate domain users for Power
Center, there are some limitations.
What is the limitation?
The Web browser displays a message box requiring a Windows user name and password.
• If you click OK after entering a user name and password, whether the information is correct or not, the Power
Center login page displays and requires you to authenticate through the login page.
• If you click Cancel, an HTTP Status 401 failure displays, and you cannot log into Power Center.
When does this occur?
This occurs when one of the following elements of Kerberos SSO is not correctly configured: Power Center server, Web
browser. or the AD domain controller configuration.
37