Hi,
We have an API proxy that needs both Kerberos authentication and an OAuth policy applied.
Currently, we see a conflict in the header
1. OAuth bearer token needs to be passed as Authorization header in the HTTP request
2. The SPNEGO negotiation header also needs to be passed as an Authorization header for Kerberos handshakes.
So it's a conflict here, as you can see.
How can we resolve this? Any suggestions?
Thanks
Regarding the SPNEGO token and OAuth token, you can take one of them using some other header and do the mediation in Apigee Edge.
Hope it helps.
-------------------------------
Anil Sagar
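One way the mediation suggested in the answer above could look, as an added example that is not part of the original thread and not Apigee's own code. It assumes the client keeps the SPNEGO token in `Authorization` and sends the OAuth token in a hypothetical `X-OAuth-Authorization` header; the function names are also assumptions.

```javascript
// Added example. BEARER_HEADER and the function names are assumptions, not Apigee APIs.
const BEARER_HEADER = "x-oauth-authorization"; // hypothetical header carrying the OAuth token

// Split "<scheme> <credentials>" and check the credentials are token68 (RFC 7235).
function parseCredentials(value) {
  const m = /^([A-Za-z][A-Za-z0-9-]*) +([A-Za-z0-9\-._~+\/]+=*)$/.exec((value || "").trim());
  return m ? { scheme: m[1].toLowerCase(), token: m[2] } : null;
}

// headers: plain object of request headers (names in any case).
// Returns both credentials separately plus the headers safe to send to the backend.
function mediateAuthHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const spnego = parseCredentials(h["authorization"]);
  if (!spnego || spnego.scheme !== "negotiate") {
    // No SPNEGO token yet: answer with the Negotiate challenge to start the handshake.
    return { status: 401, challenge: { "WWW-Authenticate": "Negotiate" } };
  }
  const bearer = parseCredentials(h[BEARER_HEADER]);
  if (!bearer || bearer.scheme !== "bearer") {
    return { status: 401, challenge: { "WWW-Authenticate": "Bearer" } };
  }
  // Drop both credential headers so neither token is forwarded to the target.
  const forward = Object.assign({}, h);
  delete forward["authorization"];
  delete forward[BEARER_HEADER];
  return { status: 200, spnegoToken: spnego.token, bearerToken: bearer.token, forward };
}

// Constructed sample request (token values are made up).
const sample = mediateAuthHeaders({
  Authorization: "Negotiate YIIabc+/=",
  "X-OAuth-Authorization": "Bearer abc.def",
  Accept: "application/json",
});
console.log(sample.status, Object.keys(sample.forward));
```

In a proxy, the two returned tokens would go to the Kerberos validation step and the OAuth verification step respectively, and only `forward` would reach the backend.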
So we have the mediation between OAuth and Kerberos working along the lines of what you suggested. It works from curl, but now we are making the smart doc for our token request. The API responds with the WWW-Authenticate Negotiate header but the smart doc never sends the second request.
This is our token request API. First it uses the Java callout to perform Kerberos authentication, then it generates an OAuth token. The Java callout responds with a 401 that contains the WWW-Authenticate header with a value of Negotiate. When using curl or Postman, the trace shows a second request. But when the initial request comes from smart docs on the developer portal, the second request is never made.