Integrated Windows Authentication

Integrated Windows Authentication (IWA) refers to a set of authentication protocols, NTLM, Kerberos, and SPNEGO, that are used to provide transport-level security. You can configure IBM® Integration Bus to provide an IWA-secured service on an integration node running on any operating system, and to consume an IWA-secured service on an integration node running on Windows, when you are using the HTTP, SOAP, and REST nodes.

IWA provides authentication to users who have an identity in Windows domains or in the Kerberos Key Distribution Center (KDC). IWA includes the protocols NT LAN Manager (NTLM), Kerberos, and Simple and Protected Negotiation (SPNEGO):
NTLM
A family of Microsoft security protocols that are used to secure access to resources within and across Windows domains. NTLM is also known as Windows Challenge/Response.
Kerberos
An authentication protocol (defined by RFC 4120), developed by the Massachusetts Institute of Technology, which allows resources to be secured by using a trusted third party, the Kerberos KDC.
SPNEGO
An open standard (RFC 4559) for negotiating an underlying security mechanism. SPNEGO is used to negotiate the use of either NTLM or Kerberos.

You can use IWA with the HTTPInput and SOAPInput nodes to provide a service. For more information on configuring IBM Integration Bus to provide an IWA-secured service, see Authenticating incoming requests with IWA on Windows and Authenticating incoming requests with IWA on Linux or UNIX.

To consume an IWA-secured service, use the HTTPRequest, SOAPRequest, and RESTRequest nodes. For more information on configuring this scenario, see Providing credentials for outbound requests by using IWA. You can consume an IWA-secured service only if IBM Integration Bus is running on Windows. You cannot use the HTTPAsyncRequest, SOAPAsyncRequest, or RESTAsyncRequest nodes to consume a remote service that is secured with Integrated Windows Authentication (IWA).

You can also use IWA when using Microsoft SQL Server to record and replay data.