Configuring single sign-on using trust association
This task is performed to enable single sign-on using trust association. Trust association is used to connect reversed proxy servers to the application server.
Use of TAIs for Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) authentication is deprecated in this release. The SPNEGO web authentication panels provide a much easier and less error-prone way to configure SPNEGO.
To establish the trust association for the single sign-on, perform the following steps:
- From the console for WebSphere Application Server, click Security > Global security.
- From Authentication mechanisms, click Web and SIP security > Trust association.
- Select the Enable trust association option.
- Under Additional properties, click the Interceptors link.
- Click com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus to use a WebSEAL interceptor, or com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl to use a SPNEGO interceptor.
- Under Custom properties, select a custom property to edit or click New to create a new one. Enter the property name and value pairs.
- Click OK.
- Save the configuration and log out.
- Restart WebSphere Application Server.
Related concepts
Trust associations
Related tasks
Create a trusted user account in Tivoli Access Manager Integrate third-party HTTP reverse proxy servers