Enable the SPNEGO TAI as JVM custom property using scripting (deprecated)


You use the wsadmin utility to enable the SPNEGO TAI for WAS.

Before starting this task, wsadmin must be running. See the Start wsadmin article for more information.

Deprecated feature:

In WAS Version 6.1, a TAI that uses the SPNEGO to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WAS 7.0, this function is now deprecated. SPNEGO Web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method. depfeat

Perform the following steps to enable the SPNEGO TAI:

 

  1. Identify the server and assign it to the server1 variable:

    • Jacl...

      set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]

    • Jython...

      server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/") print server1

    For example...

    server1(cells/mycell/nodes/mynode|servers/seerver1|server.xml#Server_1)

  2. Identify the JVM belonging to this server and assign it to the jvm variable:

    • Jacl...

      set jvm [$AdminConfig list Java VirtualMachine $server1]

    • Jython...

      jvm = AdminConfig.list('Java VirtualMachine',server1)

    For example...

    (cells/mycell/nodes/mynode/servers/server1:server.xml#Java VirtualMachine_1) (cells/mycell/nodes/mynode/servers/server1:server.xml#Java VirtualMachine_2)

  3. Identify the controller JVM of the server:

    • Jacl...

      set cjvm [lindex $jvm 0]

    • Jython...

      # get line separator import java lineSeparator = java.lang.System.getProperty('line.separator') arrayJVMs = jvm.split(lineSeparator) cjvm = arrayJVMs[0]

  4. Modify the generic JVM arguments to enable SPNEGO TAI:

    • Jacl...

      set attr_name [list name com.ibm.ws.security.spnego.isEnabled]
      set attr_value [list value true]
      set attr_required [list required false]
      set attr_description [list description "Enabled SPNEGO TAI"]
      set attrs [list $attr_name $attr_value $attr_required $attr_description]
      $AdminConfig create Property $cjvm $attrs

    • Jython...

      attr_name = ['name', "com.ibm.ws.security.spnego.isEnabled"]
      attr_value = ['value', "true"]
      attr_required = ['required', "false"]
      attr_description = ['description', "Enabled SPNEGO TAI"]
      attr_list = [attr_name, attr_value, attr_required, attr_description]
      property=['systemProperties',[attr_list]]
      AdminConfig.modify(cjvm, [property])

  5. Save the configuration changes. See the Saving configuration changes with wsadmin article for more information.

  6. In a network deployment environment only, synchronize the node. See the Synchronizing nodes with wsadmin article for more information.

 

Related tasks


Use the AdminConfig object for scripted administration
Set JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WAS (deprecated)

 

Related


Commands for the AdminConfig object
SPNEGO TAI JVM configuration custom properties (deprecated)