+

Search Tips   |   Advanced Search

Create a single sign-on for HTTP requests using SPNEGO Web authentication

Creating single sign-ons for HTTP requests using the SPNEGO web authentication for WAS allows HTTP users to log in and authenticate to the Microsoft domain controller only once at their desktop, and to receive automatic authentication from the WAS.

We can enable either SPNEGO TAI or SPNEGO Web Authentication but not both.

Read about Single sign-on for HTTP requests using SPNEGO web authentication for a better understanding of what SPNEGO Web Authentication is and how it is supported in this version of WAS.

Before starting this task, complete the following checklist:

The objective of this machine arrangement is to permit users to successfully access WebSphere Application Server resources without having to authenticate again and thus achieve Microsoft Windows desktop single sign-on capability.

Configuring the members of this environment to establish Microsoft Windows single sign-on involves specific activities that are performed on three distinct machines:

Continue with the following steps to create a single sign-on for HTTP requests using SPNEGO Web authentication:

  1. Create a Kerberos service principal (SPN) and keytab file on the Microsoft domain controller machine
  2. Create a Kerberos configuration file
  3. Configure and enable SPNEGO web authentication using the administrative console on the WAS machine
  4. Configure the client application on the client application machine
  5. Create SPNEGO tokens for J2EE, .NET, Java, web service clients for HTTP requests (Optional)


Related

  1. Configure the client application on the client application machine
  2. Create SPNEGO tokens for J2EE, .NET, Java, web service clients for HTTP requests (Optional)
  3. Create a Kerberos service principal (SPN) and keytab file on the Microsoft domain controller machine
  4. Create a Kerberos configuration file
  5. Enable and configure SPNEGO web authentication using the administrative console
  6. Configure the client browser to use SPNEGO
  7. Create SPNEGO tokens for J2EE, .NET, Java, web service clients for HTTP requests
  8. Implement single sign-on to minimize web user authentications
  9. Create a Kerberos service principal name and keytab file
  10. Create a Kerberos service principal and keytab file used by the WAS SPNEGO TAI (deprecated)
  11. SPNEGO web authentication configuration commands
  12. SPNEGO web authentication filter commands
  13. SPNEGO troubleshooting tips