+

Search Tips   |   Advanced Search

Establish SSO connections through SPNEGO token

To establish an SSO connection through SPNEGO token, we enable an outbound connection policy... 

    <policy url="http://the_remote_server.com/sso-protected/*" 
        basic-auth-support="true">

     <meta-data>
          <name>hpaa.authtype</name>
          <value>spnego</value>
     </meta-data>

     <meta-data>
          <name>hpaa.slotid</name>
          <value>OutboundConnectionCredentials</value>
     </meta-data>

     <meta-data>
          <name>forward-credentials-from-vault</name>
          <value>true</value>
     </meta-data>

</policy>

This example assumes the connection...

    http://remote_server.com/sso-protected/

...is a remote site protected by an SPNEGO token.

  • The policy attribute basic-auth-support enables the authentication filter.

  • The value of the metadata parameter hpaa.authtype specifies the authentication type as SSO authentication using SPNEGO tokens.

  • The value of hpaa.slotid specifies the slot ID of the credential vault. For instructions about how to provide the user credentials of the remote connection, read Provide user credentials for authenticated connections. The slot ID identifies the Credential Vault slot for the user subject for which the SPNEGO tokens are used.

  • The metadata setting forward-credentials-from-vault specifies the credentials of the SSO authentication are gathered from the Credential Vault.


Parent Authenticating outbound HTTP connections