Configuring single sign-on using trust association

This task is performed to enable single sign-on using trust association. Trust association is used to connect reversed proxy servers to the application server.

Before you begin

Note: Use of TAIs for Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) authentication is deprecated in this release. The SPNEGO web authentication panels provide a much easier and less error-prone way to configure SPNEGO.

To establish the trust association for the single sign-on, perform the following steps:

Procedure

  1. From the administrative console for WebSphere® Application Server, click Security > Global security.
  2. From Authentication mechanisms, click Web and SIP security > Trust association.
  3. Select the Enable trust association option.
  4. Under Additional properties, click the Interceptors link.
  5. Click com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus to use a WebSEAL interceptor, or com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl to use a SPNEGO interceptor.
  6. Under Custom properties, select a custom property to edit or click New to create a new one. Enter the property name and value pairs.
  7. Click OK.
  8. Save the configuration and log out.
  9. Restart WebSphere Application Server.
Task topic    

Terms and conditions for information centers | Feedback

Last updated: April 17, 2014 10:32 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-express-iseries&topic=tsec_step4_TAI_SSO
File name: tsec_sso_ws_step4_sso_using_TAI_for_WAS.html