

Enable the SPNEGO TAI as JVM custom property using scripting (deprecated)

Use the wsadmin utility to enable the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) for WebSphere Application Server (WAS). For how to launch the utility, see the topic on starting the wsadmin scripting client.

Deprecated feature:

In WAS v6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WAS 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method.

Perform the following steps to enable the SPNEGO TAI:


Procedure

  1. Identify the server and assign it to the server1 variable:

      ### Jacl

      set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]
      

      ### Jython

      server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/")
      print server1
      

    Example output:

    server1(cells/mycell/nodes/mynode/servers/server1|server.xml#Server_1)
    

  2. Identify the Java virtual machine (JVM) belonging to this server and assign it to the jvm variable:

      ### Jacl

      set jvm [$AdminConfig list JavaVirtualMachine $server1]
      

      ### Jython

      jvm = AdminConfig.list('JavaVirtualMachine',server1)
      

    Example output:

    (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1)
    (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)
    
    

  3. Identify the controller JVM of the server:

      ### Jacl

      set cjvm [lindex $jvm 0]
      
      

      ### Jython

      # get line separator
      import java
      lineSeparator = java.lang.System.getProperty('line.separator')
      arrayJVMs = jvm.split(lineSeparator)
      cjvm = arrayJVMs[0]
      
      

  4. Modify the generic JVM arguments to enable SPNEGO TAI:

      ### Jacl

      set attr_name           [list name com.ibm.ws.security.spnego.isEnabled]
      set attr_value          [list value true]
      set attr_required       [list required false]
      set attr_description    [list description "Enabled SPNEGO TAI"]
      
      set attrs [list $attr_name $attr_value $attr_required $attr_description]
      
      $AdminConfig create Property $cjvm $attrs
      

      ### Jython

      attr_name  = ['name', "com.ibm.ws.security.spnego.isEnabled"]
      attr_value = ['value', "true"]
      attr_required = ['required', "false"]
      attr_description = ['description', "Enabled SPNEGO TAI"]
      attr_list = [attr_name, attr_value, attr_required, attr_description]
      property=['systemProperties',[attr_list]]
      AdminConfig.modify(cjvm, [property])
      

  5. Save the configuration changes.

  6. In a network deployment environment only, synchronize the node.
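
The procedure above as one re-runnable Jython routine that checks for an existing property before writing and then performs the save and node synchronization of steps 5 and 6; it is an added example, not IBM's own script. The function names and return values are assumptions, and AdminConfig and AdminControl are passed in as parameters so the logic can also be exercised outside wsadmin.

```python
# Added example, not IBM's script. AdminConfig and AdminControl are the
# objects wsadmin provides; function names here are hypothetical.
PROP = "com.ibm.ws.security.spnego.isEnabled"

def controller_jvm(AdminConfig, cell, node, server):
    """Steps 1-3: resolve the server, return its first (controller) JVM."""
    path = "/Cell:%s/Node:%s/Server:%s/" % (cell, node, server)
    srv = AdminConfig.getid(path)
    if not srv:  # getid returns an empty string when nothing matches
        raise ValueError("no such server: " + path)
    jvms = AdminConfig.list("JavaVirtualMachine", srv).splitlines()
    if not jvms:
        raise ValueError("no JVM found under " + path)
    return jvms[0]

def set_spnego_tai(AdminConfig, jvm, value="true"):
    """Step 4: update the property if present, otherwise add it."""
    for prop in AdminConfig.list("Property", jvm).splitlines():
        if AdminConfig.showAttribute(prop, "name") == PROP:
            if AdminConfig.showAttribute(prop, "value") == value:
                return "unchanged"
            AdminConfig.modify(prop, [["value", value]])
            return "updated"
    attrs = [["name", PROP], ["value", value], ["required", "false"],
             ["description", "Enabled SPNEGO TAI"]]
    AdminConfig.modify(jvm, [["systemProperties", [attrs]]])
    return "created"

def enable_spnego_tai(AdminConfig, AdminControl, cell, node, server):
    """Steps 1-6. Returns (action, synced) with synced as 1 or 0."""
    jvm = controller_jvm(AdminConfig, cell, node, server)
    action = set_spnego_tai(AdminConfig, jvm)
    if action == "unchanged":
        return action, 0  # nothing to save or push to the node
    AdminConfig.save()  # step 5
    sync = AdminControl.completeObjectName("type=NodeSync,node=%s,*" % node)
    if not sync:  # no NodeSync MBean: node agent down or not an ND cell
        return action, 0
    AdminControl.invoke(sync, "sync")  # step 6
    return action, 1

# Inside wsadmin -lang jython:
#   enable_spnego_tai(AdminConfig, AdminControl, "mycell", "mynode", "server1")
```

A return of `("unchanged", 0)` means the property was already set to true and nothing was written; `(action, 0)` with any other action means the change was saved but no NodeSync MBean was found, so the node still has to be synchronized.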


Use the wsadmin scripting AdminConfig object for scripted administration
Start the wsadmin scripting client using wsadmin.sh
Saving configuration changes with wsadmin.sh
Synchronize nodes using wsadmin.sh
Configure JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WAS (deprecated)


Related


Commands for the AdminConfig object using wsadmin.sh
SPNEGO TAI JVM configuration custom properties (deprecated)
