Integrated windows auth (NTLM) alternative?

andrewa.chin · April 20, 2023, 7:11am

Hi All,

I was trying to get some forum assistance possibly on this design issue I’ve come across running webMethods Integration Server.

SETUP:
webMethods Integration Server needs to communicate to a REST API hosted in IIS windows server.
I would like to keep windows authentication in place on my REST API end point

so following the documentation…

Note:
The WmWin32 package is deprecated as of Integration Server 7.1.

Software AG support have also responded with that NTLM is not supported

Kerberos seems to be the next solution, but there does not seem to be any documentation on how to setup kerberos in such a way that the integrated windows credentials (currently used to run the Integration Server) can be used to initiate the kerberos KDC call to authenticate the REST API call.

NOTE: It works perfectly fine when I follow the rest of the instructions for Activating Integrated Windows Authentication

(sorry links cant be posted)

The windows credentials are only available internally in the domain.
Am I missing something ?

Cheers,
Andrew.

John_Carter4 · April 20, 2023, 7:31am

Hi Andrew,
The NTLM feature will still work. However, even Microsoft no longer recommend it as it is not very secure. It was invented along side Windows 3.1 and has not kept pace with modern security requirements.

Microsoft recommends either Kerberos or LDAP via Active Directory.

Here is Microsoft’s introduction to using Kerberos

Can’t help you much more than that as I don’t have a Windows machine, I’m on a Mac.

regards,
John.

system · October 17, 2023, 7:31am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.