+

Search Tips   |   Advanced Search

Configuring single sign-on using trust association

This task is performed to enable single sign-on using trust association. Trust association is used to connect reversed proxy servers to the application server.

Use of TAIs for Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) authentication is deprecated in this release. The SPNEGO web authentication panels provide a much easier and less error-prone way to configure SPNEGO.

To establish the trust association for the single sign-on, perform the following steps:

  1. From the console for WebSphere Application Server, click Security > Global security.

  2. From Authentication mechanisms, click Web and SIP security > Trust association.

  3. Select the Enable trust association option.

  4. Under Additional properties, click the Interceptors link.

  5. Click com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus to use a WebSEAL interceptor, or com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl to use a SPNEGO interceptor.

  6. Under Custom properties, select a custom property to edit or click New to create a new one. Enter the property name and value pairs.

  7. Click OK.

  8. Save the configuration and log out.

  9. Restart WebSphere Application Server.


Related concepts

  • Trust associations


    Related tasks

  • Create a trusted user account in Tivoli Access Manager
  • Integrate third-party HTTP reverse proxy servers