Many LiveCycle customers implement kerberos based SSO in their deployments.

We recently came across an interesting customer situation where SSO did not work for some domain users. To recap working scenario – If LiveCycle SSO is configured correctly, when domain user opens workspace URL from  domain machine, workspace should directly open without asking for user credentials again.

In this case, it wasn’t working for some domain users; but worked for others.

Investigating further we found that non-working users were part of 100+ AD groups resulting in a large kerberos token size.

Customer was using JBoss 4.2.1 with LiveCycle ES2.5.

---

Read the complete post at Adobe LiveCycle Blog.