Integration Server supports Kerberos authentication by processing the Kerberos tickets in the HTTP headers of service requests using the Negotiate authentication scheme. Integration Server also uses Kerberos authentication credentials passed in web service headers to authenticate web service consumers that access an Integration Server–hosted web service.

When Integration Server receives a Kerberos ticket, it contacts the KDC using the configured principal name and principal password. If the Kerberos ticket is not valid, Integration Server rejects the request.

If the Kerberos ticket is valid, Integration Server extracts the user associated with the ticket and looks for that user in the local Integration Server user store, the Central Users, or LDAP. Software AG recommends configuring the KDC as a user directory in Central Users or LDAP so Integration Server can identify and authorize the user that is part of the Kerberos ticket submitted by the client.

For complete information about Kerberos authentication, see Configuring Integration Server to Use Kerberos. For instructions on configuring the user directory, see Configuring a Central User Directory or LDAP.