Enable SPNEGO for WebSEAL

We must configure WebSEAL to enable SPNEGO.

Steps

1. From the top menu of the LMI, select Web > Manage > Reverse Proxy. The Reverse Proxy management page displays.

2. Select the reverse proxy instance to manage.

3. Select Edit.

4. Select the Authentication tab.

5. In the Kerberos Authentication settings, select HTTPS for the Transport field to enable SPNEGO over SSL. This Transport field in the LMI sets the value of the spnego-auth entry in the [spnego] stanza in the WebSEAL configuration file.

6. Optional: Edit the [spnego] stanza in the WebSEAL configuration file to enable adding the security identifier (SID) of the user as an extended attribute to the credential during authentication.

   [spnego]
   spnego-sid-attr-name = attribute_name

   where attribute_name defines the name of the attribute that stores the SID.
   • Click Save.

   • Deploy the updates as described in Deploying WebSEAL updates in the LMI.
   • Restart the reverse proxy instance as described in WebSEAL instance management.

Parent topic: Configure Windows desktop single sign-on