Enforcement Point | (Only for SOAP-based APIs). You can select the level at which the Kerberos inbound authentication support is available. | |
Value | Description | |
Transport Level | To use Kerberos over Transport Level. | |
Message Level | To use Kerberos over Message Level. | |
Service Principal Name | (String). A valid SPN. The specified value will be used by the client or the server to obtain a service ticket from the KDC server. The SPN is created in the Active Directory (AD) by the AD domain administrator using the following command: setspn -a <domain name>\<username> spnname (for example, setspn -a eur\user1 spnname). The Service Principal Name is supported in a user name based form and a host name based form. Note: The Service Principal Name is supported in the username based format. This format represents the principal name as a named user defined in the LDAP or central user directory used for authentication to the KDC. | |
Service Principal Password | (String). A valid password of the SPN user or the SPN host. For example, if the setspn command is set for the domain user eur\user1, this field represents the password set for the domain user eur\user1. | |
Identify Consumer | (String). The list of consumers against which the Kerberos token must be validated for identifying requests from a particular client or server. | |
Value | Description | |
Do Not Identify | Mediator forwards the request to the native API without identifying the consumer application (in the global or registered consumer list) that corresponds to the principal identified after successful Kerberos authentication. | |
Global Consumers | (Default). Mediator tries to identify the consumer, based on the principal that it set after successful Kerberos authentication, against the list of global consumer applications in Mediator. | |
Registered Consumers | Mediator tries to identify the consumer, based on the principal that it set after successful Kerberos authentication, against the list of consumer applications that are registered as consumers for the specified API. |