Note: | Kerberos authentication support is available at message level and not at transport level. Kerberos authentication policy complies to the KerberosOverTransport section described in the following article, https://msdn.microsoft.com/en-us/library/aa751836(v=vs.110).aspx. Ensure that the Evaluate HTTP Basic Authentication policy is enforced and the Authenticate User option is checked. |
Note: | Before configuring Kerberos, ensure that IS must be configured to LDAP as the incoming client credentials will be authenticated to verify whether its a valid LDAP user. Also, refer to the Configuring Kerberos in Integration Server chapter in the webMethods Integration Server Administrator’s Guide to complete the prerequisites. |
Note: | Before configuring Kerberos, refer to the Configuring Kerberos in Integration Server chapter in the webMethods Integration Server Administrator’s Guide to complete the prerequisites. |
Note: | The Mediator to native service communication must be over SSL. |
Authenticate Using: Custom Credentials | ||||
Value | Description | |||
Client Principal | String. Mandatory. A valid client LDAP user name. | |||
Client Password | String. Mandatory. A valid password of the client LDAP user. | |||
Service Principal | String. Mandatory. A valid Service Principal Name (SPN). The specified value will be used by the client to obtain a service ticket from the KDC server. The SPN is created in the Active Directory (AD) by the AD domain administrator using the following command: Setspn –a <domain name>\<username> spnname For example, setspn -a eur\user1 spnname
| |||
Service Principal Name Form | The username form, for example, kerberospoc/bob1.SPARTA.RNDLAB.LOC | |||
Authenticate Using: Secure Alias | ||||
Value | Description | |||
Alias Name | String. Mandatory. Name to the alias configured. | |||
Authenticate Using: Use Existing Credentials | ||||
Service Principal | String. Mandatory. A valid Service Principal Name (SPN). The specified value will be used by the client to obtain a service ticket from the KDC server. The SPN is created in the Active Directory (AD) by the AD domain administrator using the following command: Setspn –a <domain name>\<username> spnname For example, setspn -a eur\user1 spnname
| |||
Service Principal Name Form | The username form, for example, kerberospoc/bob1.SPARTA.RNDLAB.LOC |