API Management 10.4 | Using API Gateway | API Gateway Administration | Security Configuration | Kerberos Settings | Configuring API Gateway to Use Kerberos
 
Configuring API Gateway to Use Kerberos
Before you configure API Gateway to use Kerberos authentication, ensure that:
*A working Key Distribution Center (KDC) is set up.
*The KDC is configured as an LDAP directory, for authenticating incoming requests with Kerberos tickets.
*The Kerberos client is registered with the principal database of the KDC.
*The API that you want to access is registered with the KDC.
*A valid Kerberos configuration file is available.
* To configure API Gateway to use Kerberos
1. Expand the menu options icon , in the title bar, and select Administration.
2. Select Security > Kerberos.
3. Click Edit.
4. Provide or modify the following information as required:
Field
Description
Realm
Optional. The domain name of the Kerberos server, in uppercase letters.
Note: A value specified for Realm overwrites the realm set in the KDC configuration file specified in Kerberos configuration file.
Key distribution center
Optional. The host name of the machine on which the KDC resides.
A value specified for Key distribution center overwrites the default key distribution center set in the KDC configuration file specified in Configuration file.
Configuration file
The location of the Kerberos configuration file that contains the Kerberos configuration information, including the locations of KDCs, defaults for the realm and for Kerberos applications, and the host names and Kerberos realms mappings.
Use subject credentials
Specifies whether API Gateway requires a Kerberos V5 Generic Security Services (GSS) mechanism to obtain the necessary credentials from an existing subject set up by the JAAS authentication module. Here, subject represents the user or service being authenticated in the JAAS login context.
5. Click OK.

Copyright © 2015- 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release