A Kerberized Connection from the Web Gateway to InterSystems

Question

Question

"Set Up a Kerberized Connection from the Web Gateway to InterSystems IRIS " and "Configuring the Web Gateway to Connect to InterSystems IRIS Using TLS" are these two alternative options that exclude each other? Which option should I select if I want to establish a tls connection between a client (browser) and IRIS server?

Product version: IRIS 2023.3

Discussion (2)2

Log in or sign up to continue

score 0 · Answer 1 · 2024-03-05T05:28:01-05:00

Hi Yehuda,

To answer your first question you would probably either use TLS or Kerberos between the Web Gateway and IRIS.

But more to the point, from your second question what you seem to be desiring to accomplish is not securing/encrypting the communication between the Web Server (Web Gateway) and IRIS, but rather between the client (the browser for example) and the Web Server. For this you would define your Web Server (either IIS, apache or nginx for example) to accept TLS-based (HTTPS) connections/traffic.

This configuration is done on the Web Server side, not on the InterSystems IRIS, or InterSystems Web Gateway side. And you can consult the relevant Web Server documentation to do that.

You will also need relevant certificate/s.

For your convenience here are some sample relevant 3rd party documentation references -

If you use containers, Kubernetes and our Operator (IKO) all of this can be auto-configured by some simple definitions (see for example here).

(Note if you still want to also secure/encrypt the Web Gateway to IRIS communication you can of course do that as well, per the Docs you already looked at)

score 0 · Answer 2 · 2024-03-05T06:20:43-05:00

with IKO, tls for wegateway does not work at all, only loginSecret works

I expected that just define webgateway even without tls, will work, but still no