+

Search Tips   |   Advanced Search

Enable the SPNEGO TAI as JVM custom property (deprecated)

Use wsadmin utility to enable the SPNEGO trust association interceptor (TAI) for WebSphere Application Server.

Before starting this task, wsadmin.sh must be running. See the information about starting the wsadmin scripting client .

Deprecated feature:

In WAS v6.1, a trust association interceptor (TAI) that uses the SPNEGO to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method. depfeat

To enable the SPNEGO TAI:

  1. Identify the server and assign it to the server1 variable:

    • Jacl:

        set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]

    • Jython: 

      server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/")
print server1

    Example output:

      server1(cells/mycell/nodes/mynode|servers/seerver1|server.xml#Server_1)

  2. Identify the JVM belonging to this server and assign it to the jvm variable:

    • Jacl:

        set jvm [$AdminConfig list JavaVirtualMachine $server1]

    • Jython:

        jvm = AdminConfig.list('JavaVirtualMachine',server1)

    Example output: 

    (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1)
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)

  3. Identify the controller JVM of the server:

    • Jacl:

        set cjvm [lindex $jvm 0]

    • Jython: 

      # get line separator
import java
lineSeparator = java.lang.System.getProperty('line.separator')
arrayJVMs = jvm.split(lineSeparator)
cjvm = arrayJVMs[0]

  4. Modify the generic JVM arguments to enable SPNEGO TAI:

    • Jacl: 

      set attr_name           [list name com.ibm.ws.security.spnego.isEnabled]  set attr_value          [list value true]  set attr_ required       [list  required false]  set attr_description    [list description "Enabled SPNEGO TAI"]
 set attrs [list $attr_name $attr_value $attr_ required $attr_description]
 $AdminConfig create Property $cjvm $attrs

    • Jython: 

      attr_name  = ['name', "com.ibm.ws.security.spnego.isEnabled"]
attr_value = ['value', "true"]
attr_ required = [' required', "false"]
attr_description = ['description', "Enabled SPNEGO TAI"]
attr_list = [attr_name, attr_value, attr_ required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(cjvm, [property])

  5. Save the configuration changes.

  6. In a network deployment environment only, synchronize the node.


Related tasks

  • Configure JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WebSphere Application Server (deprecated)
  • Use the wsadmin scripting AdminConfig object for scripted administration
  • Start the wsadmin scripting client
  • Saving configuration changes with wsadmin.sh
  • Synchronize nodes using wsdmin.sh

  • Commands for the AdminConfig object
  • SPNEGO TAI JVM configuration custom properties (deprecated)