Use the Kerberos authentication protocol to verify the identity of a user or host. The authentication is based on tickets used as credentials, allowing communication and proving identity in a secure manner even over a non-secure network.
Integrate with Kerberos
Configure API Gateway to act both as Kerberos client and Kerberos service.
Configure API Gateway as a Kerberos client to mediate the authentication of a non-Kerberos client application to a back-end service.
Configure API Gateway as a Kerberos service to mediate the authentication of a non-Kerberos client application to a back-end service.
Kerberos constrained delegation (KCD) enables API Gateway to act as a trusted Kerberos service principal, to acquire a Kerberos service ticket in the name of the requesting end user, and to authenticate to a constrained set of Kerberos back-end services as the end user.
A client application can authenticate to API Gateway using Kerberos by way of delegating its Kerberos credentials to API Gateway, which acts as an intermediary between a Kerberos client and Kerberos back-end services
Use a KPS to store passwords and keep API Gateway in sync with Active Directory.
Use Wireshark to view the SPNEGO token data sent between a Kerberos client and service when the client authenticates to the service.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.