WAS v8.5 > Secure applications > Authenticate users > Implement single sign-on to minimize web user authentications > Configure single sign-on capability with Tivoli Access Manager or WebSEAL

Configure single sign-on using trust association

This task is performed to enable single sign-on using trust association. Trust association is used to connect reversed proxy servers to the application server.

Use of TAIs for Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) authentication is deprecated in this release. The SPNEGO web authentication panels provide a much easier and less error-prone way to configure SPNEGO.

To establish the trust association for the single sign-on, perform the following steps:

1. From the dmgr console for WebSphere Application Server, click Security > Global security.

2. From Authentication mechanisms, click Web and SIP security > Trust association.

3. Select the Enable trust association option.

4. Under Additional properties, click the Interceptors link.

5. Click com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus to use a WebSEAL interceptor, or com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl to use a SPNEGO interceptor.

6. Under Custom properties, select a custom property to edit or click New to create a new one. Enter the property name and value pairs.

7. Click OK.

8. Save the configuration and log out.

9. Restart WAS.

Related concepts:

Trust associations

Related

Create a trusted user account in Tivoli Access Manager
Integrating third-party HTTP reverse proxy servers

+

Search Tips   |   Advanced Search