Configure a Ticket Granting Gateway
In this procedure, you will learn how to configure Kaazing WebSocket Gateway as a Ticket Granting Gateway to proxy Kerberos protocol traffic from clients to a KDC.
Before You Begin
This procedure is part of Checklist: Configure Kerberos V5 Network Authentication:
- Configuring Kerberos V5 Network Authentication Overview
- Configure a Ticket Protected Gateway
- Configure a Ticket Granting Gateway
To Configure a Ticket Granting Gateway
- Define a service (preferably using the WebSocket Secure scheme, wss://) that provides access to the Kerberos server at the authentication connection location as shown in lines 2 and 4 in the following example. Note: The default port for Kerberos traffic is 88.
<service> <accept>wss://gateway.example.com:9002/kerberos5</accept> <connect>udp://kdc.example.com:88</connect> <type>kerberos5.proxy</type> <cross-site-constraint> <allow-origin>http://gateway.example.com:8000</allow-origin> </cross-site-constraint> <cross-site-constraint> <allow-origin>https://gateway.example.com:9000</allow-origin> </cross-site-constraint> </service>
- Restart the "ticket-granting" Gateway to let the configuration changes take effect.
This allows the client to access the TGG as required by Application Negotiate authentication scheme.
Next Steps
After you configure the Gateway, ensure your clients are also configured for Kerberos. For information on creating Kaazing WebSocket Gateway client Kerberos challenge handlers, see the Howto documentation for developers.
Notes
- The session element has been deprecated. For more information, see the Session Reference documentation.
See Also
- Checklist: Configure Kaazing WebSocket Gateway for more configuration information and examples
- About Kerberos V5 Network Authentication
- Using Kerberos V5 Network Authentication with the Gateway