+

Search Tips   |   Advanced Search

Enable the SPNEGO TAI as JVM custom property using scripting (deprecated)

We use the wsadmin utility to enable the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) for WebSphere Application Server.

See the information about starting the wsadmin scripting client using wsadmin.sh.

Deprecated feature:

In WAS v6.1, a trust association interceptor (TAI) that uses the SPNEGO to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WAS 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method.

depfeat

Perform the following steps to enable the SPNEGO TAI:


Tasks

  1. Identify the server and assign it to the server1 variable:

    • Jacl:

      set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]
    • Jython: 
      server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/")
print server1

    Example output: 

    server1(cells/mycell/nodes/mynode|servers/seerver1|server.xml#Server_1)
  2. Identify the Java virtual machine (JVM) belonging to this server and assign it to the jvm variable:

    • Jacl:

      set jvm [$AdminConfig list JavaVirtualMachine $server1]
    • Jython: 
      jvm = AdminConfig.list('JavaVirtualMachine',server1)

    Example output: 

    (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1)
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)
  3. Identify the controller JVM of the server:

    • Jacl:

      set cjvm [lindex $jvm 0]
    • Jython: 
      # get line separator
import java
lineSeparator = java.lang.System.getProperty('line.separator')
arrayJVMs = jvm.split(lineSeparator)
cjvm = arrayJVMs[0]

  4. Modify the generic JVM arguments to enable SPNEGO TAI:

    • Jacl:

      set attr_name          	[list name com.ibm.ws.security.spnego.isEnabled] 
set attr_value         	[list value true] 
set attr_required      	[list required false] 
set attr_description    [list description "Enabled SPNEGO TAI"]

set attrs [list $attr_name $attr_value $attr_required $attr_description]

$AdminConfig create Property $cjvm $attrs
    • Jython: 
      attr_name  = ['name', "com.ibm.ws.security.spnego.isEnabled"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', "Enabled SPNEGO TAI"]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(cjvm, [property])

  5. Save the configuration changes.
  6. In a network deployment environment only, synchronize the node.

  • Configure JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WAS (deprecated)
  • wsadmin AdminConfig
  • Start the wsadmin scripting client
  • Save wsadmin configuration changes
  • Synchronize nodes
  • Commands for the AdminConfig object
  • SPNEGO TAI JVM configuration custom properties (deprecated)