Before configuring any OnBase web applications, you must first:
- Register a Service Principal Name (SPN) to a domain account in Microsoft Windows
- Set the registered SPN account to trust delegation in Active Directory
The SPN only needs to be registered once for the HTTP service on the server, even though a server may host one or more OnBase web applications.
The domain account that is registered as the SPN must be the same as the application pool identity that is running all of the application pools for OnBase web applications on the server.
The SPN is registered using the Microsoft Windows Setspn command-line tool. To successfully register the SPN, you must have domain administrative privileges on the server or be logged in under a user account with those privileges delegated to it.
Setspn is a Microsoft tool. For complete details on registering SPNs and using the Setspn tool, see the documentation provided by Microsoft for Windows servers. The example included in this section is for illustration purposes only.
For example, to register the SPN for the HTTP service, for fully qualified domain name myserver.mydomain.net, to the application pool identity jdoe, type:
Setspn -s HTTP/myserver.mydomain.net mydomain\jdoe
After registering the SPN, you must also set that user account to trust delegation. This is configured in Microsoft Windows by launching the Active Directory Users and Computers toolkit with elevated administrator privileges.
Active Directory is a Microsoft product. Complete details on using and configuring Active Directory can be found in the documentation provided by Microsoft.
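Once both prerequisites are complete, the result can be checked from PowerShell. The script below is an added example, not OnBase or Microsoft code: it confirms that the SPN is held by exactly one account, that this account is the application pool identity, and reports which delegation setting is in effect. It assumes the ActiveDirectory module is installed and reuses the sample values from this page (myserver.mydomain.net and jdoe).

```powershell
# Added example, not OnBase or Microsoft code. Requires the ActiveDirectory module (RSAT).
param(
    [string]$Spn     = 'HTTP/myserver.mydomain.net',  # SPN from the example on this page
    [string]$Account = 'jdoe'                         # application pool identity (sAMAccountName)
)

Import-Module ActiveDirectory

# 1. Find every account in the current domain that holds the SPN.
#    An SPN held by more than one account breaks Kerberos authentication for that service.
$holders = @(Get-ADObject -Filter "servicePrincipalName -eq '$Spn'" -Properties sAMAccountName)

if ($holders.Count -eq 0) {
    $spnState = 'Missing: SPN is not registered'
} elseif ($holders.Count -gt 1) {
    $spnState = 'Duplicate: held by ' + ($holders.sAMAccountName -join ', ')
} elseif ($holders[0].sAMAccountName -ne $Account) {
    $spnState = "Wrong account: held by $($holders[0].sAMAccountName)"
} else {
    $spnState = 'OK'
}

# 2. Read the delegation settings on the application pool identity.
#    The page does not say which delegation option to select, so this only reports what is set.
$user = Get-ADUser -Identity $Account -Properties TrustedForDelegation,
            TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
$targets = @($user.'msDS-AllowedToDelegateTo')

if ($user.TrustedForDelegation) {
    $delegation = 'Unconstrained (delegation to any service)'
} elseif ($targets.Count -gt 0) {
    $delegation = 'Constrained to: ' + ($targets -join ', ')
} else {
    $delegation = 'None: account is not trusted for delegation'
}

# 3. Emit one summary object so the result can be logged or compared across servers.
[pscustomobject]@{
    Spn                = $Spn
    Account            = $Account
    SpnRegistration    = $spnState
    Delegation         = $delegation
    ProtocolTransition = [bool]$user.TrustedToAuthForDelegation
}
```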
In the Active Directory Users and Computers toolkit: