Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Implement single sign-on to minimize web user authentications > Create a single sign-on for HTTP requests using the SPNEGO TAI (deprecated) > Configure JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WAS (deprecated)
Enable the SPNEGO TAI as JVM custom property using scripting (deprecated)
You use the wsadmin utility to enable the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) for WAS. See the information about starting the wsadmin scripting client using wsadmin scripting.
Deprecated feature:
In WAS v6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WAS 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method. depfeat
Perform the following steps to enable the SPNEGO TAI:
Procedure
- Identify the server and assign it to the server1 variable:
### Jacl
set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]### Jython
server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/") print server1
Example output:
server1(cells/mycell/nodes/mynode|servers/seerver1|server.xml#Server_1)
- Identify the Java virtual machine (JVM) belonging to this server and assign it to the jvm variable:
### Jacl
set jvm [$AdminConfig list JavaVirtualMachine $server1]### Jython
jvm = AdminConfig.list('JavaVirtualMachine',server1)
Example output:
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1) (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)
- Identify the controller JVM of the server:
### Jacl
set cjvm [lindex $jvm 0]### Jython
# get line separator import java lineSeparator = java.lang.System.getProperty('line.separator') arrayJVMs = jvm.split(lineSeparator) cjvm = arrayJVMs[0]
- Modify the generic JVM arguments to enable SPNEGO TAI:
### Jacl
set attr_name [list name com.ibm.ws.security.spnego.isEnabled] set attr_value [list value true] set attr_required [list required false] set attr_description [list description "Enabled SPNEGO TAI"] set attrs [list $attr_name $attr_value $attr_required $attr_description] $AdminConfig create Property $cjvm $attrs### Jython
attr_name = ['name', "com.ibm.ws.security.spnego.isEnabled"] attr_value = ['value', "true"] attr_required = ['required', "false"] attr_description = ['description', "Enabled SPNEGO TAI"] attr_list = [attr_name, attr_value, attr_required, attr_description] property=['systemProperties',[attr_list]] AdminConfig.modify(cjvm, [property])
- Save the configuration changes.
- In a network deployment environment only, synchronize the node.
Use the wsadmin scripting AdminConfig object for scripted administration
Start the wsadmin scripting client using wsadmin.sh
Saving configuration changes with wsadmin.sh
Synchronize nodes using wsadmin.sh
Configure JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WAS (deprecated)
Related
Commands for the AdminConfig object using wsadmin.sh
SPNEGO TAI JVM configuration custom properties (deprecated)