• Home
• Foundation Release Notes
  • Foundation 12.0.x Release Notes
    • Composer
    • User Governance
    • Workflow
    • SAP Integration Server
  • Foundation 11.2.12 Release Notes
  • Foundation 11.2 and earlier Release Notes
    • Composer release notes
    • User Governance
    • Winshuttle Workflow
    • SAP Integration Server
    • License Management System
• Foundation 12 Product Availability Matrix
• Foundation 12 System Requirements
• Foundation 12 Help
  • Installing Foundation 12
  • Foundation Menu overview
  • Foundation configuration - First Tasks
  • User Governance Help
    • Creating custom document libraries
    • Adding a new Foundation Site
    • Managing licenses
    • Managing users, permissions, and roles
    • Managing content
    • Reports and audits
      • Working with audits
      • Viewing reports
    • Configuration
      • All Settings (table)
      • Personal settings
        • My Settings
        • Manage SAP Credentials
      • Server settings and connections
        • Database connections
        • Log and report settings
        • SAP Application Servers
        • Foundation Setup
        • Workflow Administration
      • Product settings
        • Authorization Fields
        • Client Features
        • Developer Proficiency Levels
        • Policies
        • Preferences
        • System Usage Level
      • Foundation settings
        • Company Logo
        • Email Templates
        • Backups
        • Restore
        • Manage Scheduled Jobs
        • Department/Job Title
        • Out of office Delegation
        • SAP Integration Server Infrastructure
        • SAP Integration Server Tasks
  • SAP Int. Server Help
    • Using the configuration Admin Tool
    • Configuring Server settings
    • Configuring Server Manager
    • Configuring the Server Worker
    • Configuring the Worker LaunchGUI
    • Configuring RabbitMQ
    • Creating or migrating SAPIS databases
    • Configuring SAP SSO
    • Configuring SAP SSO for SAP Integration Server
    • Troubleshooting FAQ - Winshuttle SAP Integration Server
  • Workflow Help
    • Upgrading Workflow from a previous version
    • Creating a Winshuttle Form Site
    • Working with workflows
    • Managing workflow tasks
    • Workflow Administration
    • Uninstalling Workflow
  • License Mgmt. System
    • Winshuttle LMS overview
    • Configuring LMS
      • Configuring IIS/LMS for custom host names
      • Changing the async export path
      • Configuring the LMS Proxy
    • Activating an installation
    • Connecting a client application
    • Changing Personal Settings
    • Managing notifications & ordering licenses
    • Managing users and permissions
    • Viewing Reports
    • Managing Licenses
    • Winshuttle LMS lease periods and offline use
  • Reference Guides
    • Winshuttle Workflow SVConfigurator Options quick table
    • Winshuttle Workflow SV Configurator Options table with descriptions
    • Winshuttle Workflow SVService Types (A-Z)
  • Reporting APIs
    • Reporting Dashboard
    • Set up the Reporting Data Warehouse
    • Mark Fields for Reporting
    • REST API Responses By Operation
    • Reporting APIs - Overview
    • APIs
      • Assignment API
      • Forms API
      • Forms Metadata API
      • Process API
      • Solutions API
      • Users API
• Foundation 11 Product Availability Matrix
• Foundation 11 System Requirements
• Foundation 11 Help
  • Installing Foundation 11
  • Foundation 11 Menu overview
  • Foundation 11 configuration - First Tasks
  • User Governance Help
    • Creating custom document libraries
    • Adding a new Foundation Site
    • Managing licenses
    • Managing users, permissions, and roles
    • Managing content
    • Reports and audits
      • Working with audits
      • Viewing reports
    • Configuration
      • All Settings (table)
      • Personal settings
        • My Settings
        • Manage SAP Credentials
      • Server settings and connections
        • Database connections
        • Log and report settings
        • SAP Application Servers
        • Foundation Setup
        • Workflow Administration
      • Product settings
        • Authorization Fields
        • Client Features
        • Developer Proficiency Levels
        • Policies
        • Preferences
        • System Usage Level
      • Foundation settings
        • Company Logo
        • Email Templates
        • Backups
        • Restore
        • Manage Scheduled Jobs
        • Department/Job Title
        • Out of office delegations
        • SAP Integration Server Infrastructure
        • SAP Integration Server Tasks
  • SAP Int. Server Help
    • Using the configuration Admin Tool
    • Configuring Server settings
    • Configuring Server Manager
    • Configuring the Server Worker
    • Configuring the Worker LaunchGUI
    • Configuring RabbitMQ
    • Creating or migrating SAPIS databases
    • Configuring SAP SSO
    • Configuring SAP SSO for Server 11.x
    • Troubleshooting FAQ - Winshuttle SAP Integration Server
  • Workflow Help
    • Upgrading to Workflow 11.x from a previous version
    • Creating a Winshuttle Form Site
    • Working with workflows
    • Using the Form Library
    • Managing workflow tasks
    • Workflow Administration
    • Uninstalling Workflow 11.x
  • License Mgmt. System
    • Winshuttle LMS overview
    • Configuring LMS
      • Configuring IIS/LMS for custom host names
      • Changing the async export path
      • Configuring the LMS Proxy
    • Activating an installation
    • Connecting a client application
    • Changing Personal Settings
    • Managing notifications & ordering licenses
    • Managing users and permissions
    • Viewing Reports
    • Managing Licenses
    • Winshuttle LMS lease periods and offline use
  • Reference Guides
    • Winshuttle Workflow SVConfigurator Options quick table
    • Winshuttle Workflow SV Configurator Options table with descriptions
    • Winshuttle Workflow SVService Types (A-Z)
• Composer Help
  • Getting started with Composer
    • Running Composer and opening solutions
    • Composer interface overview
    • Composer solution overview (video)
    • Composer preferences
    • Importing from Designer
    • Tutorial - Vendor Master
      • Vendor Master Tutorial
      • Tutorial file downloads
  • Working with Solutions
    • What is a Winshuttle Composer Solution?
    • Recommended solution architecture
    • Solution tab overview
    • Creating/Opening a Solution
    • Adding data connections
      • Data connection overview
      • Adding database connections
      • Adding SharePoint data connections
      • Adding SOAP Web service connections
      • Adding SQL data connections
    • Working with deployment profiles
    • Working with name templates
    • Deploying solutions
    • Working with Web services and scripts
    • Working with field packs
      • Field Pack overview
      • Creating a field pack
      • Adding fields to field packs
      • Adding a field pack to a solution
      • Editing field pack elements
      • Field pack scope and versioning
    • Saving your solution
    • Solution best practices
      • Best practices for solution development
      • Migrating Composer solutions
  • Working with Workflows
    • Workflow tab overview
    • Designing an Excel workflow (Overview)
    • Working with swim lanes
    • Task locking in TeamFromRole swimlane type
    • Working with transitions
    • Working with expressions
    • Working with loops
    • Working with messages
    • Working with nodes
  • Working with Forms
    • Form tab overview
    • Working with groups
    • Working with elements
    • Working with views
    • Working with fields
      • Promoting form fields
      • Adding instructions to form fields
    • Working with labels
    • Working with rules
    • Working with arguments
    • Working with functions
      • Form functions
      • Workflow functions (Transitions)
      • Global helper functions
    • Changing layout and look
    • Translating forms to other languages
  • Composer Reference Guides
    • Workflow Nodes (A-Z)
    • Form Elements (A-Z)
    • Rules Reference Guide
      • Types of rules and rule properties
      • Rule Conditional Operators (table)
    • Plugins Guide
    • Participant Resolvers Guide
    • Developer references
      • Javascript Reference Guide
        • JavaScriptReference Guide (home)
        • JavaScript Wrappers
        • Form Functions
        • Global Helper Functions
        • JQuery Functions
        • Debugging Help
      • Developer Process Extensions
      • Working with external storage
    • Troubleshooting Composer Forms
      • Improving Form Performance
      • Tools for Troubleshooting Forms
      • Viewing Composer Log Files
    • Composer Glossary of terms
    • Solution Development Best Practice Guide
• Foundation 10 Help
  • Foundation 10 release notes
    • Central release notes
    • Server release notes
    • Workflow release notes
  • Foundation 10 system requirements
    • Winshuttle Central System Requirements
    • Winshuttle Server 10.5-10.6 system requirements
    • Winshuttle Server 10.6.1+ system requirements
    • Workflow 10.8 system requirements
    • Workflow 10.5-10.7 system requirements
  • Find Foundation 10.x product version numbers
  • Winshuttle Central Help
    • Installation
      • Before you begin
      • Step 1 - Creating a Web application
      • Step 2 - Installing the Central binaries
      • Step 3 - Creating a site collection
      • Installing Journal Entry
      • Activation
        • Activating Central
        • Assigning Central Admin Permissions
        • Activating Central Site License
      • Upgrade, Repair, or Uninstall
        • Repairing a Winshuttle Central installation
        • Uninstalling Winshuttle Central 10.x
        • Uninstalling the Journal Entry plugin
    • Configuration
      • First Tasks
      • Implementing Custom Workflows
    • Backup, Restore, Migration
      • Backup / Restore Overview
      • Backing up a Winshuttle Central site
      • Deleting Winshuttle Central backup jobs
      • Monitoring Winshuttle Central backup jobs
      • Restoring a Central site
      • Migration
        • Migration overview
        • Migrating Winshuttle Server data
        • Migrating Workflows
    • Site tasks
      • Site Menu Overview
      • Manage LDAP Connection
      • Activate Licenses
      • Backup Restore
      • Database Connection
      • Email Templates
      • Log Settings
      • Manage Application Settings
      • Manage Licenses
        • Licensing Overview
        • Assigning licenses
        • Viewing Licenes
        • Searching for users
        • Revoking or deleting licenses
        • License overview
      • Manage Master Pages
      • Manage SAP Credentials
      • Manage Scheduled Jobs
      • Workflow Configurations
    • Transaction Menu tasks
      • Transaction menu overview
      • Policies (Transaction)
      • Preferences
      • SAP Application Servers
      • Manage Client Features
      • Transaction Developer Scenarios
      • ROI charts
    • Query Menu tasks
      • Query Menu Overview
      • Policies
      • Preferences
      • SAP Application Servers
      • Developer Proficiency Level Settings
      • Authorization Field Settings
      • System Usage Level Settings
      • Query Developer Scenarios
    • Audit & Reports tasks
      • Audits & Reports Menu Overview
      • Audit Configuration
      • SharePoint Audit Report
      • Active Users
      • Client log viewer
      • Web Services Log Viewer
      • Central Roles by User
      • Central Administration Audit
    • Server Menu tasks
      • Server Menu overview
      • Transaction services
      • Query services
      • Published Web services
    • User and Group Management
      • User/group management overview (video)
      • Adding/Removing users
      • Assigning Central site/license administrators
      • Managing Central users and groups
      • Winshuttle Central Permissions table
    • SharePoint-specific tasks
      • Creating new document libraries
      • Customizing Master Pages
      • Limiting file access
      • Reviewing workflow history
  • Winshuttle Server Help
    • Installation
      • Before you begin
      • Installing Winshuttle Server 10.6.1
      • Installing Server 10.6 and earlier
      • Upgrading Winshuttle Server
      • Uninstalling Winshuttle Server
    • Configuration
      • Finding the Winshuttle Server Manager URL
      • Assigning access rights to the database (SQLite)
      • Configuring the server database
      • Configuring SAP single sign on
        • Configuring Kerberos SAP SSO logon
        • Configuring X509 SAP Netweaver SSO
        • Enabling Secure Socket Layer (SSL)
    • Server Admin Tool Guide
      • Loading the web.config configuration
      • Changing RabbitMQ settings
      • Configuring the Server Database
      • Changing Allowed User Identities
      • Query caching tab options
      • Enabling Integrated Logon
      • Configuring Execution Settings
      • Migrating databases with the Server Database Migration Tool
      • Deployment Options tab
  • Winshuttle Workflow Help
    • Workflow 10.8 and later Admin Guide
      • Installation & Activation
      • Logs & Reporting
        • Logs & Reporting Overview
        • Charts
        • Excel Workflow Data
        • Log File Viewer
        • Logging
        • Health Monitor
      • Processes
        • Processes Overview
        • Manage Background Jobs
        • Process Control
        • SVService Types (table)
      • Server Administration
        • Server Administration Overview
        • Admin Commands
        • Configuration Options
        • Database Usage Status
        • Extending Workflow
        • Farm Configuration
        • Front End Configuration
        • Licenses
        • Scheduler
        • Workflow Design Configuration
    • Workflow 10.5-10.7 Admin Guide
      • Installation
        • Preparation & Account Requirements
        • Installing
        • Configuring SVService
        • Creating a Workflow Site
        • Configuring Kerberos
          • IIS configuration
          • DNS, Active Directory, SPNs, Delegation, & SharePoint Server
          • Verifying Kernel Mode is activated
        • Upgrading/Removing Workflow
      • Configuration
        • Entering a License Key
        • Enable Page Loading
        • Configuring Email Approvals
        • Configuring Offline Forms
        • Configuring Single Sign-On
        • Configuring Dynamic Refresh
      • Workflow Administration
        • Configuring Workflow Administration
        • Running Workflow Administration
        • System Maintenance
        • Reporting (10.5-10.7)
        • Logging
        • Exporting Workflow Data
          • Export Workflow 10.5-10.7 data to SharePoint
          • Export workflow 10.5-10.7 to a Database
          • Manually Exporting Process Data
        • Migrating Solutions
        • How to mark inactive processes
        • Configuring SVService
        • Disabling email notifications
        • Migrating Data
      • FAQ
    • Workflow Participant Guide
      • Workflow particpant overview
      • Working with form workflows
      • Working with document workflows
    • Winshuttle Workflow SVAdm command guide
  • Designer Help »
  • Reference Guides
    • Winshuttle Workflow SVConfigurator Options quick table
    • Winshuttle Workflow SV Configurator Options table with descriptions
    • Winshuttle Workflow SVService Types (A-Z)

Configuring Kerberos—Overview

When Winshuttle Central and Winshuttle Workflow are hosted on servers that are separate from the Winshuttle Server, forms cannot execute a call to a published web service. This is fixed by either 'hard-coding' the credentials to the form or using Kerberos.

On this page

• Configuring Kerberos authentication: Core configuration (SharePoint Server 2010)
• Service users
• Configuration checklist

Configuring Kerberos authentication: Core configuration (SharePoint Server 2010)

Back to top

These instructions will show you how to configure Kerberos as the authentication protocol for your SharePoint 2010 server that runs Winshuttle Central, Winshuttle Workflow, and Winshuttle Designer and Winshuttle Server services.

Service users

Back to top

Two separate service user accounts are required for SharePoint and Winshuttle Server setup, one for Winshuttle Workflow/Central and one for Winshuttle Server.

The service user identity for Workflow/Central application pool user should be in the following groups on the Workflow/Central server SharePoint Server.

• ISS_WPG (IIS_IUsers)
• WSS_WPG
• WSS_ADMIN_WPG

The service user identity for Winshuttle SERVER should be in the following group on the Winshuttle Server WSServer:

• ISS_WPG (IIS_IUsers)

Configuration checklist

Back to top

The following checklist provides a brief overview of everything you must do to configure Kerberos in your environment.

Area of Configuration	Description
DNS	Register a DNS Record for WSServer
Active Directory	Create a service account for the web applications’ IIS application pool Register Service Principal Names (SPN) for the web applications on the service account created for the web applications’ IIS application pool Configure Kerberos constrained delegation for service accounts
Configure a SharePoint Server	Create SharePoint Server managed accounts Create the SharePoint web applications
IIS Configuration	Validate that Kerberos authentication is enabled Verify kernel-mode authentication is disabled
Windows 7 Client	Ensure web application URLs are in the intranet zone, or a zone configured to automatically authenticate with integrated Windows authentication (instructions not included in this guide, consult your Windows manual if you have questions)
Firewall Configuration	Open firewall ports to allow HTTP traffic in on default and non-default ports Ensure clients can connect to Kerberos Ports on the Active Directory (instructions not included in this guide, consult your firewall manufacturer if you have questions)
Test Browser Authentication	Optional: If the firewall configuration setting doesn't work, check these settings: Verify that authentication works correctly in the browser Verify logon information on the web server’s security event log