Configure a Ticket Granting Gateway

In this procedure, you will learn how to configure Kaazing WebSocket Gateway as a Ticket Granting Gateway to proxy Kerberos protocol traffic from clients to a KDC.

Before You Begin

This procedure is part of Checklist: Configure Kerberos V5 Network Authentication:

  1. Configuring Kerberos V5 Network Authentication Overview
  2. Configure a Ticket Protected Gateway
  3. Configure a Ticket Granting Gateway

To Configure a Ticket Granting Gateway

  1. Define a service (preferably using the WebSocket Secure scheme, wss://) that provides access to the Kerberos server at the authentication connection location as shown in lines 2 and 4 in the following example. Note: The default port for Kerberos traffic is 88.
    <service>
      <accept>wss://gateway.example.com:9002/kerberos5</accept>
      <connect>udp://kdc.example.com:88</connect>
      <type>kerberos5.proxy</type>
      <cross-site-constraint>
        <allow-origin>http://gateway.example.com:8000</allow-origin>
      </cross-site-constraint>
      <cross-site-constraint>
        <allow-origin>https://gateway.example.com:9000</allow-origin>
      </cross-site-constraint>
    </service>
  2. Restart the "ticket-granting" Gateway to let the configuration changes take effect.

This allows the client to access the TGG as required by Application Negotiate authentication scheme.

Next Steps

After you configure the Gateway, ensure your clients are also configured for Kerberos. For information on creating Kaazing WebSocket Gateway client Kerberos challenge handlers, see the Howto documentation for developers.

Notes

  • The session element has been deprecated. For more information, see the Session Reference documentation.

See Also

TOP