New feature: Support API endpoints protected by kerberos

[brijs]

Postman doesn't seem to support authentication using kerberos, or more generally HTTP Negotiate (SPNEGO) mechanism.

The equivalent way of authenticating using kerberos via curl is something like below:

$ kinit
$ ... # enter password for user
$ curl --negotiate -u : <api_endpoint>
#200 OK

[jaxspades]

I would love to see this as a part of some of the other authentication types as well. I have endpoints that are using NTLM + Kerberos. I can't seem to get everything working with them using simply NTLM on the native windows client. They used to work with the Chrome App as Chrome was supplying my credentials behind the scenes.

[Rob-DeRosia]

Any update on when we can use Windows credentials for authentication purposes? I'd rather not store my username and password with my collection and instead have the application behave like it did with the Chrome app, passing it behind the scenes.

[ChristopherPope]

Hi, I've been waiting for Postman to support Kerberos. @a85 , since you self-assigned this ticket can I assume it will be completed soon?

Thanks.

[josezeta]

Is there any deadline or something for this feature?

[drswin01]

Is there any update on this feature?

[Ashthos]

+1. Some information/updates on this issue would be appreciated.

[mortenn]

This is a blocker for our company.

[cheahkhing]

Hi, it seems like this has been opened for quite some time without any more updates or progress. Can anyone comment on this?

[Warkdev]

Hello folks,

Are you planning to integrate kerberos authentication? That would be handy in several cases.

Regards.

[BEagle1984]

Hi guys. Any news? We badly need it over here.

[armarti]

Make a PR. It's open source. Seems like an easy issue to tackle. It's free. Anyone using this is a software developer. If you really really really need postman to handle two WWW-Authenticate headers, make postman handle two WWW-Authenticate headers. This is how you pay for free stuff.

[BEagle1984]

Make a PR. It's open source. Seems like an easy issue to tackle. It's free. Anyone using this is a software developer. If you really really really need postman to handle two WWW-Authenticate headers, make postman handle two WWW-Authenticate headers. This is how you pay for free stuff.

Makes sense, thanks for helping. Except for the fact that we are actually paying a subscription fee for our shared workspace. ;)

[raoulduke]

A definite blocker for our work. Just when the team was warming up to Postman we encounter this after I implemented our SSO. Doesn't seem to be in the works or even on the radar, no responses even for the paying customers. Moving back to Restlet/Talend.

[micheljung]

@armarti so where's the source code?

[ghost]

Darn... RIP Postman 😢

[prmichaelsen]

4 years and no dice :(

[cdavid15]

Slightly disappointing this still hasn't materialised especially when you launch the chrome app you get presented with the following:

Is there any plans for introducing support for kerberos as this single feature is preventing me from migrating away from the chrome app to the Native app?

It shouldn't bother me but seeing this popup on launch everyday frustrates me as it is not a true reflection / misleading as the native app has less features than the chrome app.

[drswin01]

@micheljung https://github.com/postmanlabs/postman-runtime/tree/develop/lib/authorizer I believe this is where authorization types are implemented for postman but I'm not 100% sure. Hopefully someone who knows a lot more about Node.js than I do can go from here. Hope this helps!

[folprates]

Hi Guys,

Any update on this?

Thanks, Fernando

[DanielBoulerice]

I am terribly sorry to learn the state of fact concerning Kerberos support in Postman. I had plans with that in our company. So I guess it worked in the plug-in because it was hosted in Chrome, is that it? Is there a way to integrate plug-ins in Postman and put authenticator functionality on a bus?

[Lonli-Lokli]

I find it easier to deploy service, returning kerberos token in corporate network based on request, instead of relying on postman roadmap

[zyystudio]

how about integrating with spnego kerberos?

[anddyson]

Really frustrating that the native app still doesn't support this, when the Chrome one is dead. As others have said, it's a big blocker to using postman for internal testing. This is from a company which might consider buying a subscription, if the tool could actually do something fairly fundamental like this.

[prusswan]

I find it easier to deploy service, returning kerberos token in corporate network based on request, instead of relying on postman roadmap

which led to something like https://github.com/genotrance/px

next step is to look for a standalone/self-contained replacement for Postman

maybe this? https://github.com/hoppscotch/hoppscotch

[vanosuzume]

I find it easier to deploy service, returning kerberos token in corporate network based on request, instead of relying on postman roadmap

which led to something like https://github.com/genotrance/px

next step is to look for a standalone/self-contained replacement for Postman

maybe this? https://github.com/hoppscotch/hoppscotch

I found a replacement for postman

maybe there is a better alternative?