Question:
How do you configure DocuWare with Kerberos Authentication in versions 7.4 and greater?
Answer:
In order to configure DocuWare with Kerberos authentication, please complete the following,
- Go to IIS Manager.
- In the Application Pools, find "DocuWare Platform Services App Pool", "DocuWare Platform Settings App Pool," and "DocuWare Identity App Pool"
- Right-click and select "Advanced Settings". Find Identity and change the value to "LocalSystem" for each of the specified App Pools.
- In IIS, navigate to Sites >Default Web Site >DocuWare >Identity (Where DocuWare resides may differ), then open Authentication.
- After you open Authentication, enable Windows Authentication and Disable all other authentication methods.
- Right-click "Windows Authentication" and select “Providers”
- From the list of Available Providers, select “Negotiate:Kerberos” and remove the rest. You will be warned about Kernel mode. If you have it enabled, then save and right-click Windows Authentication again. This time select “Advanced Settings” and disable Kernel Mode (you can set “Extended Protection” to Off if you have trouble, but it could be a security risk.)
- Test Windows Login with Fiddler. Check the authentication tab to make sure DocuWare uses Kerberos.
KBA is applicable for On-premise Organizations ONLY.
