As members of the DataPower support group, we frequently work with customers who have a need to connect their client applications to backend servers that are secured with Kerberos authentication. Inevitably, a large number of these customers have questions regarding how to configure a gateway or proxy to support this type of client and server solution. Kerberos can be a confusing and complicated technology to set up for the first time, which probably explains the frequency of questions related to this topic.
This 2-part article series titled "Configuring a WebSphere DataPower Kerberos-secured backend server", de-mystifies the work required to set up a WebSphere DataPower configuration that uses a Kerberos-secured backend server.
The first article, Part 1: "Using the DataPower Web Graphical User Interface", describes how to create these configurations in a static fashion using the DataPower Web Graphical User Interface.
The second article, Part 2: "Using a DataPower custom stylesheet for client user ID authentication", describes how to dynamically generate Kerberos tokens using the DataPower custom stylesheet dp:get-kerberos-apreq method so that all of the client requests are sent to the web application using the end client Kerberos user ID.
We hope you find this information helpful. If you have questions or need assistance please contact IBM WebSphere DataPower support through the online service request tool.