Configure the Internet Explorer client for SPNEGO protocol in IBM Security Verify Access for Web

Configure the Internet Explorer client

If we use Internet Explorer, configure the browser to use the SPNEGO protocol.

We must configure the Internet Explorer client to use the SPNEGO protocol to negotiate authentication mechanisms. Consult the Microsoft Internet Explorer documentation for configuration instructions.
Keep the following points in mind during the configuration:

The Internet Explorer browser must recognize the WebSEAL server as an Intranet site. Otherwise, the Internet Explorer client does not automatically send an SPNEGO authorization token for the logged in user to the WebSEAL server. The Internet Explorer client must add the WebSEAL server to the Intranet Sites list.
If required, we can add the WebSEAL server to the Trusted Sites instead of Intranet Sites.
By default, Automatic logon occurs only in the Intranet zone. Therefore, we must create a Custom Security Level for Trusted Sites that sets the User Authentication > Logon setting to Automatic logon. We must provide the current user name and password for this configuration.
We must configure Internet Explorer 6 to enable single sign-on. Use the menu item for Internet Options... and select the Advanced tab.
The Windows client must use the correct DNS name to access the WebSEAL server. When an incorrect DNS name is used, Internet Explorer might attempt to use NT LAN Manager (NTLM) protocol to contact WebSEAL. WebSEAL does not support NTLM.

Parent topic: Configure Windows desktop single sign-on