Configuring unconstrained delegated authentication for CCS

You need to configure unconstrained delegation only if your deployment contains a standalone installation of the Directory Server.
  1. To configure a service account with unconstrained delegation
  2. Identify the user accounts that you want to use as the service accounts for DSS and Application Server.
  3. Enable delegation for the Application Server’s service account. By default, the user is set to
    Do not trust this user for delegation
    .
    To enable a service account, in the user properties, go to the
    Delegation
    tab and select the option,
    Trust this user for delegation to any service (Kerberos only)
    .
  4. After the product is installed, configure delegation for the Application Server in the following manner:
    • In the CCS Console, go to
      Settings > System Topology > Map View
      or go to
      Settings > System Topology > Grid View
      .
    • Select the Application Server component, and right-click on
      Edit Settings
      .
    • In the
      Edit Settings
      dialog box, select the
      Application Server > Basic
      option in the left pane.
    • For the
      Authentication type
      option, select
      Use controlled delegation of security rights
      in the right pane.
    • Click
      Save
      .
  5. Restart the DSS and the Application Server computer so that the delegation settings can take effect.