+

Search Tips   |   Advanced Search

Create a redirect page for users without SPNEGO support

Create an HTML page to redirect users whose web browsers do not support SPNEGO.

If users navigate to a SPNEGO-protected webpage but their browsers do not support SPNEGO, redirect them to an HTML page that is not protected by SPNEGO.

To create an HTML page to redirect users :

  1. Create an HTML page with HTML such as that shown in the following example:
    <!DOCTYPE HTML PUBLIC "-//W3C/DTD HTML 4.0 Transitional//EN">
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html">
    <!--
    Notes:
     - This file should be served from an unprotected website. Alternatively, 
     it can be loaded from the WAS file system.
     - Any imbedded graphics/javascript/css must be loaded from an unprotected 
     website.
     - This file is loaded after WebSphere Application Server is 
     initialized. If changes to this file are necessary, restart WebSphere Application Server.
     - This file is returned whenever the SPNEGO TAI receives an NTLM 
     token for any application in the cell. In other words, this file is 
     generic for all applications. However, using the document.location Javascipt , we can get the original URL, and redirect to that 
     original URL with the "?noSPNEGO" text added - thus forcing the standard 
     application userid/password challenge.
    -->
    <html>
    <head>
    <script language="javascript">
     var origUrl=""+document.location;
        if (origUrl.indexOf("noSPNEGO")<0) {
      if (origUrl.indexOf('?')>=0) origUrl+="&noSPNEGO";
       else origUrl+="?noSPNEGO";
     }
     function redirTimer() {
      self.setTimeout("self.location.href=origUrl;",0);
     }
    </script>
    
    <META HTTP-EQUIV = "Pragma" CONTENT="no-cache">
    <script language="javascript">
     document.write("<title> Redirect to "+origUrl+ " </title>"); 
    </script>
    </head>
    <body onLoad="redirTimer()"/>
    </html>

  2. Save the file as, for example, NoSpnegoRedirect.html on a publicly-accessible directory on the webserver. For example, IHS_server/htdocs/NoSpnegoRedirect.html.


Parent topic:
Enable single sign-on for the Windows desktop

Previous topic: Create a service principal name and keytab file

Next topic: Configure SPNEGO on WAS