Java virtual machine (JVM) custom properties control the operation of the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI).
Custom Property Name | Required | Value Type | Default Value | Recommended Value |
---|---|---|---|---|
com.ibm.ws.security.spnego.isEnabled | No | Boolean | False | True |
com.ibm.ws.security.spnego.propertyReloadFile | No | String | None | For WindowsC:\temp\TAI.propsFor UNIX /tmp/TestTAI.Properties |
com.ibm.ws.security.spnego.propertyReloadTimeout | No | Integer | None | 120 |
com.ibm.ws.security.spnego.useHttpFilterClass2 | No | Boolean | False | True |
A sample of this reload file follows:
########################################################## # Template properties files for SPNEGO TAI # # Where possible defaults have been provided. # ########################################################## #--------------------------------------------------------- # Hostname #--------------------------------------------------------- #com.ibm.ws.spnego.SPN1.HostName=wsecurity.austin.ibm.com #--------------------------------------------------------- # (Optional) SpnegoNotSupportedPage #--------------------------------------------------------- #com.ibm.ws.spnego.SPN1.SpnegoNotSupportedPage= #--------------------------------------------------------- # (Optional) NTLMTokenReceivedPage #--------------------------------------------------------- #com.ibm.ws.spnego.SPN1.NTLMTokenReceivedPage= #--------------------------------------------------------- # (Optional) FilterClass #--------------------------------------------------------- #com.ibm.ws.spnego.SPN1.FilterClass=com.ibm.ws.spnego.HTTPHeaderFilter #--------------------------------------------------------- # (Optional) Filter #--------------------------------------------------------- #com.ibm.ws.spnego.SPN1.Filter=
When this property is set to true the following filter specification works properly.
user-agent!=IBM Web Services Explorer;request-url!=noSPNEGO
If this property is set to false, or is not specified, the preceding filter does not work properly.
Custom Property Name | Required | Value Type | Default Value | Recommended Value |
---|---|---|---|---|
java.security.properties | No | String | None | |
com.ibm.security.jgss.debug | No | String | None | "off" or "all" |
com.ibm.security.krb5.Krb5Debug | No | String | None | "off" or "all" |
javax.security.auth.useSubjectCredsOnly | Yes | Boolean | True | False |