Kerberos-based WS-Security

You can use Kerberos authentication with WS-Security either as a service or as a client.

Kerberos is a network authentication protocol that enables mutual authentication with symmetric keys. Users and services on a network authenticate with each other through a Key Distribution Center (KDC), as a trusted third party. IBM® App Connect Enterprise provides support for Kerberos either as a service or as a client.

You can use message flows to call web services that are secured with Kerberos by using a SOAP Request node. You can also provide web services that are secured with Kerberos by using SOAP Input Nodes. The WS-Security header passes Kerberos tokens. You can sign and encrypt either parts or all of a SOAP message by using Kerberos tokens. Signing and encrypting messages provides message integrity, confidentiality, and authenticity.

For information about Kerberos terminology and concepts, see Concepts for Kerberos security.

You can configure IBM App Connect Enterprise to act as a Kerberos secured service or as a client to a Kerberos secured service. Install a Kerberos KDC and configure it to contain all the principals that are required by the environment, then configure for a service or client. For more information about configuring Kerberos, see your host Kerberos documentation.

For the steps needed to embed IBM App Connect Enterprise as a client, see Configuring IBM App Connect Enterprise as a client to a Kerberos secured Service.
For the steps needed to configure IBM App Connect Enterprise as a secured service, see Configuring IBM App Connect Enterprise as a Kerberos secured Service.
For the steps needed to configure separate Kerberos configuration files for each integration server, see Configuring separate Kerberos configuration files for each integration server.