Kerberos-based WS-Security

You can use Kerberos authentication with WS-Security either as a service or as a client.

Kerberos is a network authentication protocol that enables mutual authentication with symmetric keys. Users and services on a network authenticate with each other through a Key Distribution Center (KDC), which acts as a trusted third party. IBM® Integration Bus provides support for Kerberos either as a service or as a client.

You can use message flows to call web services that are secured with Kerberos by using a SOAP Request node. You can also provide web services that are secured with Kerberos by using SOAP Input nodes. The WS-Security header passes Kerberos tokens. You can sign and encrypt either parts or all of a SOAP message by using Kerberos tokens. Signing and encrypting messages provides message integrity, confidentiality, and authenticity.
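The following added example (not IBM code) shows how a Kerberos token travels in the WS-Security header and how to check a captured message for the signing and encryption described above. It assumes SOAP 1.1 and the OASIS WSS Kerberos Token Profile 1.1 ValueType; `inspect_envelope`, the `getQuote` body, and the token bytes are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1 (assumed)
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
# ValueType prefix defined by the OASIS WSS Kerberos Token Profile 1.1
KRB_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#"

def inspect_envelope(xml_text):
    """Report the Kerberos token and message protections found in an envelope."""
    report = {"kerberos_token": None, "token_bytes": 0,
              "signed": False, "body_encrypted": False}
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return report  # no WS-Security header at all
    for bst in sec.findall("wsse:BinarySecurityToken", NS):
        value_type = bst.get("ValueType", "")
        if value_type.startswith(KRB_PROFILE):
            # The token content is the base64-encoded Kerberos message
            raw = base64.b64decode((bst.text or "").strip(), validate=True)
            report["kerberos_token"] = value_type[len(KRB_PROFILE):]
            report["token_bytes"] = len(raw)
    report["signed"] = sec.find("ds:Signature", NS) is not None
    body = root.find("soap:Body", NS)
    report["body_encrypted"] = (body is not None
                                and body.find("xenc:EncryptedData", NS) is not None)
    return report

# Constructed sample: placeholder bytes stand in for the AP-REQ, no signature, clear body.
FAKE_TOKEN = base64.b64encode(b"constructed-not-a-real-ticket").decode()
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}">
  <soap:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken ValueType="{KRB_PROFILE}GSS_Kerberosv5_AP_REQ">{FAKE_TOKEN}</wsse:BinarySecurityToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><getQuote>IBM</getQuote></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(inspect_envelope(SAMPLE))
```

The report only records which elements are present; it does not validate the ticket or verify a signature. A message that carries a token but reports `signed` and `body_encrypted` as false has no integrity or confidentiality protection on its body at the message level.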

For information about Kerberos terminology and concepts, see Concepts for Kerberos security.

You can configure IBM Integration Bus to act as a Kerberos secured service or as a client to a Kerberos secured service. Install a Kerberos KDC and configure it to contain all the principals that are required by the environment, then configure IBM Integration Bus as a service or as a client. For more information about configuring Kerberos, see your host Kerberos documentation.

Kerberos can also be used for transport-level security. For more information, see Providing credentials for outbound requests by using IWA.