Seeq SSO using Kerberos is not working on Clients

[Muhammad Atiyab]

Hi all,

We had the Kerberos authentication enabled earlier. As mentioned in the documentation, it is mandatory for the seeq site to be trusted for it to resolve using SSO. We have the site already under trust, but still the seeq url is not resolving SSO but rather prompting user and password as normal. on Server side, adding the url to Intra zone made it to connect. Can anyone elaborate what specific AD policy might be blocking the SSO from Seeq if the site is already under whitelist for the users. or is it mandatory for it to be under the intranet of IE security settings for it to work? If anyone can shed light on it will be really helpful. Thanks.

[Mike Cantrell]

Hi Muhammad,

You have experienced one of the limitations of Kerberos.  The Seeq server must be in the Internet Zone for the SSO to work.  This is in addition to the browsers setting in the prerequisite section of that KB article.

Our documentation on using Kerberos has the following information (located here):  

Seeq is running on an intranet site OR the URL for the Seeq site has been configured to be in the Intranet zone via IE's security settings.

1. This is essential if the Windows Auth connector is a remote agent and the main Seeq server is running as an off-site SaaS.  In this case the URL for the main Seeq server will need to be configured as an intranet site in IE's security settings because Window's default settings are to only allow automatic logon for the Intranet zone:
    

Very Respectfully,

Mike Cantrell