Configuring New Web Services for Kerberos Authentication
If you are creating a new REST, SOAP, WSDL, or XML/HTTP data source that needs to use Kerberos authentication, follow the steps in this section.
Follow these steps to implement Kerberos authentication where TDV is the client:
2. Create a new Web service for the REST, SOAP, WSDL, or XML/HTTP data source and publish a resource to the new Web service.
For information about publishing Web resources, see “Publishing Resources to a Web Service” in the TDV User Guide.
3. For a REST Web service, follow these steps:
a. Open the REST Web service that you want to configure for Kerberos authentication.
b. Select the REST tab.
c. Set the following Service properties to configure the Web service for Kerberos:
— Enabled: true
— Enable HTTP Negotiate: true
4. For a SOAP or WSDL Web service, follow these steps:
a. Open the SOAP or WSDL Web service that you want to configure for Kerberos authentication.
b. Select the SOAP tab.
c. Set the following Service properties to configure the Web service for Kerberos:
— Enabled: true
— Security Policy: /policy/security/system/Http-Negotiate-Authentication.xml
5. In Studio, create a new REST, SOAP, WSDL, or XML/HTTP data source, specifying the following parameters on the Basic tab.
a. REST connection parameters are shown in the following table:
Connection Type | Parameters to Specify |
REST | Base URL: URL to access this REST data source using the syntax: Login: <LDAP login for this domain> Password: <LDAP password for this domain> Pass-through Login: Disabled Authentication: NEGOTIATE Domain: not available Service Principal Name: HTTP@<machine>.<domain> Method: For the XML/HTTP protocol, under Operations, the specification for HTTP Verb must be POST or GET. |
b. SOAP connection parameters are shown in the following table:
Connection Type | Parameters to Specify |
SOAP | URL: <URL to access this SOAP data source> Login: <LDAP login for this domain> Password: <LDAP password for this domain> Pass-through Login: Disabled Authentication: NEGOTIATE Domain: <LDAP domain name> Service Principal Name: HTTP@<machine>.<domain> |
c. WSDL connection parameters are shown in the following table:
Connection Type | Parameters to Specify |
WSDL Connection Information | URL: <URL to access this WSDL> Login: <LDAP login for this domain> Password: <LDAP password for this domain> Pass-through Login: Disabled Authentication: NEGOTIATE Domain: not available Service Principal Name: HTTP@<machine>.<domain> |
d. XML/HTTP connection parameters are shown in the following table:
Connection Type | Parameters to Specify |
XML/HTTP Connection Information | URL: <URL to access this WSDL> Login: <LDAP login for this domain> Password: <LDAP password for this domain> Pass-through Login: Disabled Authentication: NEGOTIATE Domain: not available Service Principal Name: HTTP@<machine>.<domain> Method: For the XML/HTTP protocol, under Operations, the specification for HTTP Verb must be POST or GET. |
6. Verify that the connection works:
a. Introspect the REST, SOAP, or WSDL data source.
b. Open the Web service operation and run it.