Kerberos-based WS-Security
You can use Kerberos authentication with WS-Security either as a service or as a client.
Kerberos is a network authentication protocol that enables mutual authentication with symmetric keys. Users and services on a network authenticate with each other through a Key Distribution Center (KDC), as a trusted third party. IBM® Integration Bus provides support for Kerberos either as a service or as a client.
You can use message flows to call web services that are secured with Kerberos by using a SOAP Request node. You can also provide web services that are secured with Kerberos by using SOAP Input Nodes. The WS-Security header passes Kerberos tokens. You can sign and encrypt either parts or all of a SOAP message by using Kerberos tokens. Signing and encrypting messages provides message integrity, confidentiality, and authenticity.
For information about Kerberos terminology and concepts, see Concepts for Kerberos security.
- For the steps needed to embed IBM Integration Bus as a client, see Configuring IBM Integration Bus as a client to a Kerberos secured Service.
- For the steps needed to configure IBM Integration Bus as a secured service, see Configuring IBM Integration Bus as a Kerberos secured Service.
- For the steps needed to configure separate Kerberos configuration files for each integration server, see Configuring separate Kerberos configuration files for each integration server.
Kerberos can also be used for transport-level security. For more information, see Providing credentials for outbound requests by using IWA.