+

Search Tips   |   Advanced Search

SPNEGO TAI configuration requirements (deprecated)

The configuration used by the SPNEGO trust association interceptor (TAI) on each selected application server is governed by various system requirements.

Deprecated feature:

In WAS v6.1, a trust association interceptor (TAI) that uses the SPNEGO to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server 7.0, the SPNEGO TAI was deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method. depfeat

The following list of configuration requirements highlights those attributes, properties, qualities, restrictions, exclusions, inclusions, and dependencies that we need to be aware of when planning a WAS configuration that incorporates the use of the SPNEGO TAI.

SPNEGO TAI configuration requirements.
Function item Description
SPNEGO TAI The SPNEGO TAI is a server side solution in WebSphere Application Server. Client-side applications are responsible for generating the SPNEGO token for use by the SPNEGO TAI.
Microsoft Windows Microsoft Windows Servers with Active Directory domain and its associated Kerberos key distribution center (KDC) is required. For information on the supported Microsoft Windows Servers, see the System Requirements for WebSphere Application Server v8.5 on Windows.
Client application (browser or .NET client) A browser (client application) or .NET client that supports the SPNEGO authentication mechanism, as defined in IETF RFC 2478 is required.
SPNEGO SPNEGO authentication, as defined in IETF RFC 2478 is used.
Internet browsers

Kerberos Level Kerberos version 5 is required.
WebSphere Application Server Version 7.0 is required.
Java SDK level Java 6.0 SDK is required.
Encryption Types RC4-HMAC encryption is only supported when using a Windows 2003 Server as Kerberos key distribution center (KDC).
J2EE client Client application (browser or .NET client) A browser (client application) or .NET client that supports the SPNEGO authentication mechanism, as defined in IETF RFC 2478 is required.


Related concepts

  • Single sign-on for HTTP requests using SPNEGO TAI (deprecated)


    Related tasks

  • Configure WebSphere Application Server and enabling the SPNEGO TAI (deprecated)
  • Create a single sign-on for HTTP requests using the SPNEGO TAI (deprecated)
  • Configure the JVM

  • SPNEGO TAI custom properties configuration (deprecated)
  • SPNEGO TAI JVM configuration custom properties (deprecated)
  • Use the ktab command to manage the Kerberos keytab file
    The Simple and Protected GSS-API Negotiation Mechanism (IETF RFC 2478)
    Single Sign-on Using Kerberos in Java
    Kerberos: The Network Authentication Protocol