Configuring WebSphere Application Server and enabling the SPNEGO TAI (deprecated)

Performing this task helps you, as Web administrator, to ensure that WebSphere® Application Server is properly configured to enable the operation of the Simple and Protected GSS-API Negotiation (SPNEGO) trust association interceptor (TAI).

Before you begin

You need to know how to use the WebSphere Application Server administrative console to manage the security configuration and have the proper authority to modify the security configuration of the application server.
Deprecated feature Deprecated feature:

In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server 7.0, this function is now deprecated. SPNEGO Web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method.

depfeat

About this task

Complete the following steps to enable the operation of the SPNEGO TAI.

Procedure

  1. Log on to the WebSphere Application Server administrative console.
  2. Click Security > Global security.
  3. Expand Web security and click Trust association.
  4. Under the General Properties heading, select the Enable trust association check box, then click Interceptors.
  5. Select the SPNEGO TAI in the list of interceptors.
  6. Then click Custom properties.
  7. Click New and then fill in the Name and Value fields. Click OK. Repeat this step for each custom property that you want to apply to the SPNEGO TAI. See SPNEGO TAI custom properties configuration (deprecated) for a complete list of SPNEGO TAI custom properties.
    Note: It is recommended that you use the wsadmin utility to manage the SPNEGO TAI properties. You can add, modify, and delete SPNEGO TAI properties as well as display them using wsadmin. See Adding SPNEGO TAI properties using the wsadmin utility (deprecated) to add, Modifying SPNEGO TAI properties using the wsadmin utility (deprecated) to modify, and Deleting SPNEGO TAI properties using the wsadmin utility (deprecated) to delete SPNEGO TAI properties.
  8. After you finish defining your custom properties, click Save to store the updated SPNEGO TAI configuration.
  9. Optional: If an alias for a connecting host name is added dynamically after the application server is started, you need to configure the alias. Refer to the Using an alias host name for SPNEGO TAI or SPENGO web authentication using the administrative console (deprecated) topic.

Results

Your SPNEGO TAI configuration is now configured for WebSphere Application Server.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Jun 11, 2013 8:40:09 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=tsec_SPNEGO_config_tai
File name: tsec_SPNEGO_config_tai.html