+

Search Tips   |   Advanced Search

Configure WebSphere Application Server and enabling the SPNEGO TAI (deprecated)

Performing this task helps you, as web administrator, to ensure that WebSphere Application Server is properly configured to enable the operation of the Simple and Protected GSS-API Negotiation (SPNEGO) trust association interceptor (TAI).

You need to know how to use the WAS administrative console to manage the security configuration and have the proper authority to modify the security configuration of the application server.

Deprecated feature:

In WAS v6.1, a trust association interceptor (TAI) that uses the SPNEGO to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method. depfeat

Complete the following steps to enable the operation of the SPNEGO TAI.

  1. Log on to the WAS administrative console.

  2. Click Security > Global security.

  3. Expand Web security and click Trust association.

  4. Under the General Properties heading, select the Enable trust association check box, then click Interceptors.

  5. Select the SPNEGO TAI in the list of interceptors.

  6. Then click Custom properties.

  7. Click New and then fill in the Name and Value fields. Click OK. Repeat this step for each custom property to apply to the SPNEGO TAI. See SPNEGO TAI custom properties configuration (deprecated) for a complete list of SPNEGO TAI custom properties.

    IBM recommends that you use the wsadmin utility to manage the SPNEGO TAI properties. We can add, modify, and delete SPNEGO TAI properties as well as display them using wsadmin. See Add SPNEGO TAI properties using the wsadmin utility (deprecated) to add, Modify SPNEGO TAI properties using the wsadmin utility (deprecated) to modify, and Delete SPNEGO TAI properties using the wsadmin utility (deprecated) to delete SPNEGO TAI properties.

  8. After finishing defining the custom properties, click Save to store the updated SPNEGO TAI configuration.

  9. Optional: If an alias for a connecting host name is added dynamically after the application server is started, we need to configure the alias. Refer to the Use an alias host name for SPNEGO TAI or SPENGO web authentication using the administrative console (deprecated) topic.


Results

Your SPNEGO TAI configuration is now configured for WebSphere Application Server.


Subtopics


Related concepts

  • Single sign-on for HTTP requests using SPNEGO TAI (deprecated)


    Related tasks

  • Configure the client browser to use SPNEGO TAI (deprecated)
  • Configure JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WebSphere Application Server (deprecated)
  • Create a single sign-on for HTTP requests using the SPNEGO TAI (deprecated)

  • The Kerberos configuration file