The services node defines services within the Application Gateway configuration.

This configuration is used to describe an external credential service which IAG can use to retrieve credentials for use in single sign-on to protected applications.
Each credential service must contain:

  • name
  • enc_key
  • host
  • url_pattern
  • user_attribute

This entry is an array and can be used to specify multiple credential services.

This configuration is used to describe a Kerberos configuration file which IAG can use to perform Kerberos Constrained Delegation as a means of authentication to a protected application.
The Kerberos service must contain:

  • keytab
  • keytab_spn
  • realms
  • libdefaults

keytab_spn and keytab must correspond to the service principal name and generated key table for a user which IAG will authenticate itself as. This user must have permission to perform delegated authentication.
This entry is an object and can be used to specify a single kerberos service.


Did this page help you?