Kerberos Authentication
Integration Server supports Kerberos authentication by processing the Kerberos tickets in the HTTP headers of service requests using the Negotiate authentication scheme. Integration Server also uses Kerberos authentication credentials passed in web service headers to authenticate web service consumers that access an Integration Server–hosted web service.
When Integration Server receives a Kerberos ticket, it contacts the KDC using the configured principal name and principal password. If the Kerberos ticket is not valid, Integration Server rejects the request.
If the Kerberos ticket is valid, Integration Server extracts the user associated with the ticket and looks for that user in the local Integration Server user store, the Central Users, or LDAP. Software AG recommends configuring the KDC as a user directory in Central Users or LDAP so Integration Server can identify and authorize the user that is part of the Kerberos ticket submitted by the client.
For instructions on configuring the user directory, see
Configuring a Central User Directory or
LDAP. For instructions on configuring Kerberos in
Integration Server, see
Configuring
Integration Server to Use Kerberos