Rather than pass the traverseRelationships Boolean to the instance method toJSON(traverseRelationships) in User.Widget, could you change URL map/URL route to use a QueryString parameter? 
eg 1. http://{{SERVER}}:{{WEB_PORT}}/widgetsdirect/rest/Stephen?traverseRelationships=true
eg2.
http://{{SERVER}}:{{WEB_PORT}}/widgetsdirect/rest/Stephen?traverseRelationships=false

How do you map URL querystring parameters to the %CSP.REST class in HTTP Get Requests?

I think Kerberos is only required if you a connecting to a MS SQL Server database from a non-Windows environment using the JDBC driver.  If you are in a Windows environment you will probably use NTLMv2. SQL Squirrel can be used for troubleshooting connection strings or you can write a simple console based Java application. You might also check the account outside of using JDBC using SQL Server Management Studio. You need to verify your system requirements are correct for the JRE/JDK/JDBC version and the MS SQL Server version. Depending on your version requirements the connection string will vary.    

Consider the line in C#

CACHEObject.ContainerImco containerImco = new CACHEObject.ContainerImco(cacheConnection);

Does this 'ContainerImco' object have a constructor that takes in a CacheConnection object?  Have you opened the connection?

From the error it looks like its failing when trying to get the connection. It seems a bit weird to have a collection of CacheConnection objects.

You would probably get a syntax error if LD resolved to an empty string ("").  I would put a trace/watchpoint on LD or alternatively log its contents to a global to verify it is not null. You might also want to check the definition #define LDAPServer $Get(^OSUMCLDAP("Server")) to see if it is correct and verify whether it should or should not contain a port number.

Here's another sample SimpleBinds() operation using server ldapserver1.mycoolcompany.com port 51000

/// Return 1 if LDAP SimpleBind successful.
/// Return 0 if LDAP SimpleBind unsuccessful
ClassMethod Connect(ByRef Username As %String, ByRef Password As %String) As %Boolean {
   set userContext = "uid="_Username_",ou=aixuser,cn=aixsecdb,cn=aixdata,o=mycoolcompany_aix"
   set ldapConnection = ##class(%SYS.LDAP).Init("ldapserver1.mycoolcompany.com",51000)
   set status =##class(%SYS.LDAP).SimpleBinds(ldapConnection,userContext,Password)
   if (status=$$$LDAPSUCCESS)
   {
      write !, "LDAP SimpleBind Successful!"
      return 1
    }
   else
   {
       write !,"LDAP SimpleBind failed!"
       write !,"Error code : ",status
       write !,"Error message : ",##Class(%SYS.LDAP).Err2String(status)
       return 0
    }
}

The Init() method documentation has some good troubleshooting tips under 'Error Codes' for connecting using SSL/TLS

I am enjoying this tutorial and the cursor name thing did confuse me for a little bit. In addition, you need to have

SET widgetObj = {}

somewhere in your code otherwise, it won't compile. Is there anyway to contribute on the Github page? There doesn't appear to be repo I can submit pull requests to.

Minus one (-1) is commonly used for a null reference error. Verify your certificate is in the PEM format, verify it exists in the relative path defined in your global and refer to the documentation in the %SYS.LDAP.StartTLSs  and %SYS.LDAP.SetOption methods. You might want to test passing in a raw string value pointing to the certificate file, just to rule out any directory parsing errors.

Note that some of attribute values are case sensitive.

INCORRECT

<Route Url="/:name" Method="GET" Call="HelloWorld" Cors="False" />

CORRECT

<Route Url="/:name" Method="GET" Call="HelloWorld" Cors="false" />

My preferred approach would be to use the ZBREAK utility but you could also potentially use ^%SYS.MONLBL. You can use ZBREAK for setting breakpoints or watchpoints or tracing line-by-line execution.  You could even set it at the beginning of your ZAUTHENTICATE routine itself rather than a shell session.  There is a bug with this utility regarding the use of round-brackets for setting a group of variables to a value, which I have documented here and with WRC.

To trace every line of execution:

ZBREAK /TRACE:ALL:"/your/file/location/trace.log"

To trace when particular lines are executed

ZBREAK /TRACE:ON:"/your/file/location/trace.log"
Error^ZAUTHENTICATE:"T"
+42^ZAUTHENTICATE:"T"

To format the log file to remove blank lines for better readability.

sed  '/^$/d' /your/file/location/trace.log