Set the client browser to use SPNEGO TAI (deprecated)


Configure the browser to utilize the Simple and Protected

GSS-API Negotiation (SPNEGO) mechanism. Authentication of the browser requests are processed by the SPNEGO TAI in the WAS. we need to know how to display and set options in the Microsoft Internet Explorer browser or any other browser (such as Firefox). You must have a browser installed that supports SPNEGO authentication.

Deprecated feature:

In WAS V6.1, a TAI that uses the SPNEGO to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WAS 7.0, this function is now deprecated. SPNEGO Web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method. depfeat

Complete the following steps to ensure that the Microsoft Internet Explorer browser is enabled to perform SPNEGO authentication.

 

  1. At the desktop, log in to the windows active directory domain.

  2. Activate Internet Explorer.

  3. In the Internet Explorer window, click Tools > Internet Options > Security tab.

  4. Select the Local intranet icon and click Sites.

  5. In the Local intranet window, verify the "check box" to include all local (intranet) not listed in other zones is selected, then click Advanced.

  6. In the Local intranet window, fill in the Add this Web site to the zone field with the Web address of the host name so that the SSO can be enabled to the list Web sites shown in the Web sites field. Your site information technology staff provides this information. Click OK to complete this step and close the Local intranet window.

  7. On the Internet Options window, click the Advanced tab and scroll to Security settings. Verify the Enable Integrated Windows Authentication (requires restart) box is selected.

  8. Click OK. Restart the Microsoft Internet Explorer to activate this configuration.

 

Results

Complete the following steps to ensure that the Firefox browser is enabled to perform SPNEGO authentication.

  1. At the desktop, log in to the windows active directory domain.

  2. Activate Firefox.

  3. At the address field, type about:config.

  4. In the Filter, type network.n

  5. Double click on network.negotiate-auth.trusted-uris. This preference lists the sites that are permitted to engage in SPNEGO Authentication with the browser. Enter a comma-delimited list of trusted domains or URLs.

    You must set the value for network.negotiate-auth.trusted-uris.

  6. If the deployed SPNEGO solution is using the advanced Kerberos feature of Credential Delegation double click on network.negotiate-auth.delegation-uris. This preference lists the sites for which the browser may delegate user authorization to the server. Enter a comma-delimited list of trusted domains or URLs.

  7. Click OK. The configuration appears as updated.

  8. Restart the Firefox browser to activate this configuration.

Your Internet browser is properly configured for SPNEGO authentication. Use applications that are deployed in WAS that use secured resources without being repeatedly requested for an ID and password.

 

Related concepts


Single sign-on for HTTP requests using SPNEGO TAI (deprecated)

 

Related tasks


Set WAS and enabling the SPNEGO TAI (deprecated)
Set JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WAS (deprecated)
Create a single sign-on for HTTP requests using the SPNEGO TAI (deprecated)

 

Related


Single sign-on capability with SPNEGO TAI - checklist (deprecated)