Configuring Caliber Visualize Server to Enable Windows Session Credentials

The Caliber Visualize administrator must configure the following in order to enable Windows session credential logon.
  1. Open the web.xml file from <install directory>\Borland\Caliber Visualize\webapps\calibervisualize\WEB-INF\web.xml in a text editor.
  2. Change /WEB-INF/applicationContext-security.xml to /WEB-INF/applicationContext-security-iwa.xml
  3. Save the file.
  4. Get the service principal name (SPN) for your Caliber Visualize server (for example, HTTP/, keytab file (for example, visualize-server.keytab), and Kerberos configuration file (for example, krb5.conf) from the Kerberos server administrator.
  5. Save the two files to your Kerberos folder. For example, C:\krb5.
  6. Open <install directory>\Borland\Caliber Visualize\webapps\calibervisualize\WEB-INF\applicationContext-security-iwa.xml in a text editor.
  7. Replace HTTP/ with the SPN that you get in < beans:property name="servicePrincipal" value="HTTP/" />.
  8. Replace C:/krb5/visualize-server.keytab with your full keytab file path in <beans:property name="keyTabLocation" value="file:C:/krb5/visualize-server.keytab"/>.
  9. Replace C:/krb5/krb5.conf with your full krb5.conf file path in <beans:property name="krbConfLocation" value="C:/krb5/krb5.conf"/>.
  10. Save the file.
  11. Cipher suites that use AES_256 require installation of the JCE Unlimited Strength Jurisdiction Policy Files. These policy files are not shipped with Sun JDK, they need to be downloaded separately. You must download and install these files if Kerberos encryption type used to generate the keytab file is AES256.
    1. Download from
    2. Unzip the file.
    3. Copy local_policy.jar and US_export_policy.jar to replace the files with the same names at <install directory>\Borland\Caliber Visualize\jre\lib\security.
  12. Restart Caliber Visualize service.