The IIS web server can be configured to authenticate either each HTTP request or the underlying TCP connection with a Kerberos ticket. Airlock Gateway sends HTTP requests from different users over the same TCP connection to the back-end server. If IIS authenticates the connection rather than the request, a request can be processed under the identity of a user who authenticated earlier on that connection. It is therefore important that the IIS web server re-authenticates each request.
Chapter-related warnings
HIGH – Mitigate the risk of broken authentication
Implement one of the actions listed below to mitigate the risk:
- KeepAlive configuration for back-end connections
- Follow the appropriate chapter to disable authPersistNonNTLM:
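
As an added example (not part of the Airlock documentation), the following PowerShell script reports, for every site on the IIS back-end, whether Windows authentication is enabled and whether `authPersistNonNTLM` is set, and optionally disables the setting. It assumes the `WebAdministration` module and an elevated session; the `$Fix` variable and the function name are hypothetical.

```powershell
# Added example, not from the Airlock documentation.
# Run in an elevated PowerShell session on the IIS back-end server.
Import-Module WebAdministration

$Fix    = $false   # hypothetical switch: set to $true to disable authPersistNonNTLM
$filter = 'system.webServer/security/authentication/windowsAuthentication'

# Return the effective Windows authentication settings for one IIS site.
# Only the site level is checked; applications below a site can override it.
function Get-AuthPersistState {
    param([Parameter(Mandatory)][string]$SiteName)
    $path    = "IIS:\Sites\$SiteName"
    $enabled = (Get-WebConfigurationProperty -PSPath $path -Filter $filter -Name 'enabled').Value
    $persist = (Get-WebConfigurationProperty -PSPath $path -Filter $filter -Name 'authPersistNonNTLM').Value
    [pscustomobject]@{
        Site               = $SiteName
        WindowsAuthEnabled = [bool]$enabled
        AuthPersistNonNTLM = [bool]$persist
        # Connection-based authentication only matters where Windows authentication is on.
        NeedsChange        = ([bool]$enabled -and [bool]$persist)
    }
}

$report = @(Get-Website | ForEach-Object { Get-AuthPersistState -SiteName $_.Name })
$report | Format-Table -AutoSize

if ($Fix) {
    foreach ($row in $report | Where-Object { $_.NeedsChange }) {
        # The section is written to applicationHost.config under a <location> tag for the site.
        Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $row.Site `
            -Filter $filter -Name 'authPersistNonNTLM' -Value $false
        # Re-read the effective value to confirm the change.
        Get-AuthPersistState -SiteName $row.Site
    }
}
```

A site with `NeedsChange` set to `True` authenticates the TCP connection instead of each request and is affected by the warning above.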