I'm currently utilizing the "Require Windows Integrated Authentication Credentials" assertion but I've noticed that during debugging the kerberos.data context variable is not being set and populated, however the realm seems to be set just fine.
Does anyone know what would cause this? According to API Gateway my keytab is valid.
I'm hoping to use the kerberos.data context variable to grab the Username of the client making the request to API gateway.
If I am not mistaken the variable mentioned is added with the following assertion.
'Require WS-Security Kerberos Token"
Have you authored a policy that included that assertion?
I selected Publish WebAPI so I'm not sure if this assertion is supported?
According to the policy manager, it appears that the "Require Windows Integrated Authentication Credentials" assertion is supposed to set the following context variables unless I'm misunderstanding it? I see kerberos.realm set but I'm not seeing kerberos.data set when viewing in the service debugger.
So I did find a work around. After speaking with CA Support it was suggested to look into using the request.username context variable. This only solves part of my issue though.
Since the kerberos.data context variable is not being set, it appears that I'm unable to use the Use Windows Integrated and Use Delegated Credentials option in subsequent HTTP(S) Routing Assertions.