Most people familiar with APIs know the role of an API Gateway, which is typically used to secure access to APIs and provide capabilities such as threat protection, rate limiting, authentication, and authorization. The Layer7 API Gateway does all of this and much, much more. This series of posts will highlight scenarios where the Layer7 API Gateway has been used to solve non-traditional API use cases.
Recently, Microsoft discontinued its Forefront Threat Management Gateway (TMG). Our customer faced the challenge of avoiding disruption to their business, which relied on the TMG to provide Kerberos-based authentication to their backend web applications. Enter the Layer7 API Gateway. With the Layer7 API Gateway, we were able to provide this capability and actually improve their overall user experience by not only supporting their Kerberos authentication, but also enabling them to tie these web applications into their overall Single Sign-On (SSO) capability.
The Layer7 API Gateway provides a very rich and highly flexible set of capabilities that go beyond those of a traditional API gateway. In this scenario, we were able to use the Layer7 API Gateway to orchestrate an SSO flow that leverages the customer's existing SiteMinder SSO: the gateway bridges the SSO session to provide Kerberos authentication to the existing backend web applications, without changing or disrupting these systems. The Layer7 API Gateway supports a wide variety of authentication protocols (such as Kerberos, NTLM, mutual SSL/TLS, HTTP Basic Auth, OAuth, OpenID, SAML, and WS-*) and can bridge across them through a highly flexible and powerful policy configuration.
In the end, the Layer7 API Gateway was able to quickly solve this critical business need and enrich the overall user experience across the organization. Learn more about configuring the API Gateway for Kerberos token-based authentication here.