Before you begin
Before you configure
API Gateway
to use Kerberos authentication, ensure that:
- A working Key Distribution Center (KDC) is set up.
- The KDC is configured as an LDAP directory, for authenticating
incoming requests with Kerberos tickets.
- The Kerberos client is registered with the principal database of
the KDC.
- The API that you want to access is registered with the KDC.
- A valid Kerberos configuration file is available.
About this task
To configure
API Gateway
to use Kerberos
Procedure
-
Expand the menu options icon
, in the title bar, and
select
Administration.
-
Select
Security > Kerberos.
-
Provide or modify the following information as required:
| Field
|
Description
|
| Realm
|
Optional. The domain name of the
Kerberos server, in uppercase letters.
Note: A value specified for Realm overwrites the realm
set in the KDC configuration file specified in
Kerberos configuration file.
|
| Key distribution
center
|
Optional. The host name of the
machine on which the KDC resides.
A value specified for
Key distribution center
overwrites the default key distribution center set in the KDC configuration
file specified in
Configuration file.
|
| Configuration
file
|
The location of the Kerberos
configuration file that contains the Kerberos configuration information,
including the locations of KDCs, defaults for the realm and for Kerberos
applications, and the host names and Kerberos realms mappings.
|
| Use subject
credentials
|
Specifies whether
API Gateway
requires a Kerberos V5 Generic Security Services (GSS) mechanism to obtain the
necessary credentials from an existing subject set up by the JAAS
authentication module. Here,
subject represents the user or
service being authenticated in the JAAS login context.
|
-
Click
Save.