
SPN Records

Overview

On your managed, domain-joined machines, AppsAnywhere should be configured to log the user on automatically after they have logged into the Windows desktop machine, using Kerberos Windows Pass-through Single Sign-On (SSO).

For AppsAnywhere to support Kerberos Windows Pass-through SSO, the AppsAnywhere LDAP Service account requires SPN (Service Principal Name) records to be added.

These SPN records must be created before SSO can be configured via the ACC (Appliance Configuration Console).

Configuration

The SPN record required is:

  1. HTTP/<FQDN of Load Balanced AppsAnywhere service>

e.g.

HTTP/appsanywhere.uni.edu

Optional

For testing, the following can also be added:

  1. HTTP/<FQDN of Appliance(s)>

e.g.

HTTP/appsanywhere01.uni.edu
HTTP/appsanywhere02.uni.edu

Note

  • Replace <FQDN of Load Balanced AppsAnywhere service> with the Fully Qualified Domain Name of your AppsAnywhere load balanced service

  • Replace <FQDN of Appliance(s)> with the Fully Qualified Domain Name of the AppsAnywhere appliance(s)

  • SPN record syntax is case-sensitive

  • The HTTP part of the SPN must be in uppercase

  • The FQDN must be in lowercase

  • A forward slash '/' should be included between HTTP and the FQDN

SPN records can be created using the Windows setspn.exe tool or via the Attribute Editor tab within the user's account properties (via the Active Directory Administrative Center or via Active Directory Users and Computers).

For further information regarding the Microsoft setspn.exe tool please see the Microsoft documentation.

Example Commands

Update these commands for your environment and run them as a domain admin on a domain-joined machine.

Adding SPNs
setspn -a HTTP/appsanywhere.uni.edu appsanywhere_ldaps
setspn -a HTTP/appsanywhere01.uni.edu appsanywhere_ldaps
setspn -a HTTP/appsanywhere02.uni.edu appsanywhere_ldaps

Removing SPNs
setspn -d HTTP/appsanywhere.uni.edu appsanywhere_ldaps
setspn -d HTTP/appsanywhere01.uni.edu appsanywhere_ldaps
setspn -d HTTP/appsanywhere02.uni.edu appsanywhere_ldaps

Verifying Records

Listing SPNs
setspn -l appsanywhere_ldaps

Example output

Registered ServicePrincipalNames for CN=appsanywhere_ldaps,CN=Users,DC=uni,DC=edu:
HTTP/appsanywhere.uni.edu
HTTP/appsanywhere-srv01.uni.edu
HTTP/appsanywhere-srv02.uni.edu
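
The listing can also be checked automatically against the case rules in the Note above. The following is an added example, not AppsAnywhere or Microsoft code: the function name Test-SpnListing, the sample listing and the expected list are constructed for illustration.

```powershell
# Added example: validate `setspn -l` output against the SPN rules on this page.
# Test-SpnListing is a hypothetical helper, not part of setspn or AppsAnywhere.
function Test-SpnListing {
    param(
        [string[]]$Listing,      # lines of `setspn -l <account>` output
        [string[]]$ExpectedSpn   # SPNs that should be registered on the account
    )
    # Drop the "Registered ServicePrincipalNames for ..." header and blank lines.
    $found = @($Listing | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -notlike 'Registered ServicePrincipalNames*' })

    foreach ($spn in $found) {
        $status = 'OK'
        # -cnotmatch is case-sensitive: uppercase HTTP, one '/', lowercase FQDN.
        if ($spn -cnotmatch '^HTTP/[a-z0-9-]+(\.[a-z0-9-]+)+$') {
            $status = 'BadFormat'
        } elseif ($ExpectedSpn -cnotcontains $spn) {
            $status = 'Unexpected'   # well-formed, but not one you asked for
        }
        [pscustomobject]@{ Spn = $spn; Status = $status }
    }
    # Expected SPNs that are absent from the listing (case-sensitive compare).
    foreach ($spn in $ExpectedSpn) {
        if ($found -cnotcontains $spn) {
            [pscustomobject]@{ Spn = $spn; Status = 'Missing' }
        }
    }
}

# Constructed sample listing; the second SPN has mixed-case host on purpose.
$sample = @(
    'Registered ServicePrincipalNames for CN=appsanywhere_ldaps,CN=Users,DC=uni,DC=edu:'
    '        HTTP/appsanywhere.uni.edu'
    '        HTTP/AppsAnywhere01.uni.edu'
)
$expected = 'HTTP/appsanywhere.uni.edu', 'HTTP/appsanywhere01.uni.edu'

Test-SpnListing -Listing $sample -ExpectedSpn $expected | Format-Table -AutoSize

# Against a live account (run on a domain-joined machine):
# Test-SpnListing -Listing (setspn -l appsanywhere_ldaps) -ExpectedSpn $expected
```

Any row whose Status is not OK points at an SPN to remove and re-add with the correct case, or at an expected record that was never created.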
