Hi,
I have been looking at a number of posts about how to get Kerberos SSO to work in an Active Directory environment using Tomcat, and haven't found anyone who is using the AES 256 protocol to make it work. Everyone seems to be using RC4-HMAC, which was incorporated into Microsoft's products for backwards compatibility with Windows 2000. SAP's documentation from 2011 indicates that algorithms other than RC4-HMAC weren't fully tested at that time. Using RC4_HMAC is a large security risk which can compromise your entire Windows domain. We would like to avoid that risk. Has anyone figured out if it is possible to configure Kerberos Delegation in SAP using a newer encryption algorithm like AES256_HMAC_SHA1?
Thanks in advance,
Mark