Integrate with Kerberos

Integrate API Gateway with Kerberos authentication using Kerberos SPNEGO authentication.

Kerberos authentication

Use the Kerberos authentication protocol to verify the identity of a user or host. The authentication is based on tickets used as credentials, allowing communication and proving identity in a secure manner even over a non-secure network.

API Gateway as both Kerberos client and service

Configure API Gateway to act both as Kerberos client and Kerberos service.

API Gateway as a Kerberos client

Configure API Gateway as a Kerberos client to mediate the authentication of a non-Kerberos client application to a back-end service.

API Gateway as a Kerberos service

Configure API Gateway as a Kerberos service to mediate the authentication of a non-Kerberos client application to a back-end service.

Kerberos constrained delegation

Kerberos constrained delegation (KCD) enables API Gateway to act as a trusted Kerberos service principal, to acquire a Kerberos service ticket in the name of the requesting end user, and to authenticate to a constrained set of Kerberos back-end services as the end user.

Kerberos unconstrained delegation

A client application can authenticate to API Gateway using Kerberos by way of delegating its Kerberos credentials to API Gateway, which acts as an intermediary between a Kerberos client and Kerberos back-end services

Store passwords for Kerberos authentication

Use a KPS to store passwords and keep API Gateway in sync with Active Directory.

Wireshark tracing for Kerberos authentication

Use Wireshark to view the SPNEGO token data sent between a Kerberos client and service when the client authenticates to the service.