Configure the Gateway for Kerberos Token-Based Authentication
Many organizations authenticate to a Windows environment as part of their overall security structure for internal users. Using the , you can extend the Kerberos framework to include identity and protocol mapping to other formats, such as SAML Tokens and client-based authentication (SSL certificates).
gateway83
Many organizations authenticate to a Windows environment as part of their overall security structure for internal users. Using the
API Gateway
, you can extend the Kerberos framework to include identity and protocol mapping to other formats, such as SAML Tokens and client-based authentication (SSL certificates).Contents:
Kerberos Workflow Diagram
Kerberos Workflow Diagram 01
- Initiate back and forth with KDC and TGS to produce a service ticket
- Present service ticket to SecureSpan Gateway for validation
- Request session from KDC
- Decrypts Service Ticket and initiates service request
- Two steps:
- Authentication initiated:
- Delegated Kerberos
- SAML
- Client Mutual Authentication
- Request sent through to back-end web services
- Response sent back to client through the Secure Span Gateway
Prerequisites
Before you configure Kerberos for use within the
API Gateway
, ensure that you have the following:- A standard user in the Active Directory. This is the service user for the Gateway.Ensure that the "Use DES encryption types for this account" check box in the Account tab of the user properties isnotselected:
- Access to the Windowsktpasscommand
- Administrator privileges within the Policy Manager
- Access to the following assertions:
Configuration Workflow
Kerberos Workflow
