<spnId> |
This parameter is optional.
It is the SPN identifier for the group of custom properties that are to be
defined with this command. If you do not specify this parameter, an unused
SPN identifier is assigned. |
<host> |
This parameter is required. It
specifies the host name portion in the SPN used by the SPNEGO TAI to establish
a Kerberos secure context. |
<filter> |
This parameter is optional.
It defines the filtering criteria used by the class specified with the above
attribute. If you do not specify this parameter, all HTTP requests are subject
to SPNEGO authentication. |
<filterClass> |
This parameter is optional.
It specifies the name of the Java class used by the SPNEGO TAI to select which
HTTP requests will be subject to SPNEGO authentication. If you do not specify
this paramter, the default filter class, com.ibm.ws.security.spnego.HTTPHeaderFilter,
is used. |
<noSpnegoPage> |
This parameter is optional.
It specifies the URL of a resource that contains the content the SPNEGO TAI
will include in the HTTP response to be displayed by the (browser) client
application if it does not support SPNEGO authentication.If you do not
specify the noSpnegoPage paramter then the default is used: "<html><head><title>SPNEGO
authentication is not supported.
</title></head>" +
"<body>SPNEGO authentication is
not supported on this client.
</body></html>";
|
<ntlmTokenPage> |
This parameter is optional.
It specifies the URL of a resource that contains the content the SPNEGO TAI
will include in the HTTP response that is to be displayed by the (browser)
client application when the SPNEGO token received by the interceptor (after
the challenge-response handshake) contains a NT LAN manager (NTLM) token instead
of the expected SPNEGO token.If you do not specify the ntlmTokenPage parameter
then the default is used: "<html><head><title>An NTLM
Token was received.</title></head>"
+ "<body>Your browser configuration
is correct, but you have not
logged into a supported Windows
Domain."
+ "<p>Please login to the application
using the normal login page.</html>";
|
<trimUserName> |
This parameter is optional.
It specifies whetheror not the SPNEGO TAI is to remove the suffix of the principal
user name, starting from the "@" that precedes the Kerberos realm name. If
this parameter is set to true, the suffix of the principal
user name is removed. If this paramter is set to false, the
suffix of the principal name is retained. The default value used is true. |