Enable the SPNEGO TAI

You can create single sign-on requests for your HTTP server using the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) available in IBM WAS. The WebSphere Portal installation removes the SPNEGO TAI from the list of available trust association interceptors; therefore, enable the SPNEGO TAI.

To enable the Simple and Protected GSS-API Negotiation Mechanism trust association interceptor:

1. Log on to the administrative console.

2. Depending on your version of WAS, make the appropriate selection from the navigation:

   • For WAS v6.1:

     Click Security > Secure administration, applications, and infrastructure.

   • For WAS v7:

     Click Security > Global security.

3. Depending on your version of WAS, make the appropriate selection from the navigation:

   • For WAS v6.1:

     Click Web security and then click Trust association.

   • For WAS v7:

     Click Trust association under Web and SIP security.

4. Ensure that the Enable trust association check box is checked and then click Interceptors.

5. Click New and then type com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl in the Interceptor class name text field.

6. Click OK and then click the Save link to save changes to the master configuration.

For more information on using SNEGO for single sign-in HTTP requests, see the WAS Information Center.

Parent topic:

External security managers

Related information

WAS V6.1 Information Center
WAS V7 Information Center

---