Configure SPNEGO on IBM HTTP Server 

Configure and enable SPNEGO on IBM HTTP Server.

About this task

Edit the httpd.conf file to direct a user to an unprotected web page after the user logs out of IBM Connections. The setting described in this task prevents SPNEGO from presenting a login page to the user after the user has logged out.

To configure SPNEGO to redirect the user after logging out...


  1. Open the httpd.conf file in a text editor. The httpd.conf file is located by default in the following directory

    • AIX : /usr/IBM/HTTPServer/conf

    • Linux™: /opt/IBM/HTTPServer/conf

    • Windows™: C:\IBM\HTTPServer\conf

  2. The rewrite_module is required. Ensure that the following line is not commented out in the httpd.conf file:

      LoadModule rewrite_module modules/

      If the line is prefixed with a number symbol (#), remove the symbol.

  3. Add the following statements to the end of the file:

      RewriteEngine On

      RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)

      RewriteCond %{QUERY_STRING} !=logoutExitPage=<your-logout-url>

      RewriteRule /(.*)/ibm_security_logout(.*) /$1/ibm_security_logout?logoutExitPage=<your-logout-url> [noescape,L,R]

      where <your-logout-url> is an unprotected URL that users are directed to after logging out of IBM Connections.

  4. Save and close the httpd.conf file.

  5. Restart IBM HTTP Server.

Parent topic

Enable single sign-on for the Windows desktop
Previous topic: Configure the backend authenticator
Next topic: Configure web browsers to support Kerberos

Related tasks

Enable single sign-on for Tivoli Access Manager with SPNEGO

August 20, 2011


Aug 20, 2011 1:46:47 PM 1