Configure JVM properties and enabling SPNEGO TAI in WebSphere Application Server
Performing this task helps you, as Web administrator, to ensure that WAS is configured to enable the operation of the Simple and Protected GSS-API Negotiation mechanism (SPNEGO) trust association interceptor (TAI) with the required JVM property. We need to know how to use the WAS administrative console to manage the security configuration and have the proper authority to modify the security configuration of the appserver.
Overview
Complete the following steps to enable the operation of the SPNEGO TAI by setting the JVM required property.
Procedure
- Log on to console.
- Click Servers > Application servers.
- Select the appropriate server. Under Server Infrastructure, expand Java and process management > Process Definition.
- Click Java virtual machine. Under Additional Properties, click Custom Properties. Create a new custom property, if required, by clicking New, then code com.ibm.ws.security.spnego.isEnabled in the name field and true in the value field.
- Click Apply > OK to save the configuration
Results
The appserver is configured and ready to provide a single sign-on environment for end users who have successfully authenticated in a Microsoft Active Directory domain. You must restart each appserver that is configured for SPNEGO Web authentication.
Enabling the SPNEGO TAI using scripting
SPNEGO TAI JVM configuration attributes
Related concepts
Single sign-on for HTTP requests using SPNEGO
Related tasks
Configure SPNEGO TAI in WAS
Configure the Web browser to use SPNEGO
Configure WAS environment to use SPNEGO