
Enable the SPNEGO TAI as JVM custom property using scripting (deprecated)

Use the wsadmin utility to enable the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) for WebSphere Application Server.

The wsadmin tool must be running before you start this task. See the information about starting the wsadmin scripting client using wsadmin.sh.

Deprecated feature:

In WAS v6.1, a TAI that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WAS 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method.

Perform the following steps to enable the SPNEGO TAI:

  1. Identify the server and assign it to the server1 variable:

    • Jacl:

        set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]
    • Jython:

      server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/")
      print server1

    Example output:

      server1(cells/mycell/nodes/mynode|servers/server1|server.xml#Server_1)

  2. Identify the JVM belonging to this server and assign it to the jvm variable:

    • Jacl:

        set jvm [$AdminConfig list JavaVirtualMachine $server1]
    • Jython:

        jvm = AdminConfig.list('JavaVirtualMachine',server1)

    Example output:

    (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1)
    (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)

  3. Identify the controller JVM of the server:

    • Jacl:

        set cjvm [lindex $jvm 0]
    • Jython:

      # get line separator
      import java
      lineSeparator = java.lang.System.getProperty('line.separator')
      arrayJVMs = jvm.split(lineSeparator)
      cjvm = arrayJVMs[0]

  4. Modify the generic JVM arguments to enable SPNEGO TAI:

    • Jacl:

      set attr_name           [list name com.ibm.ws.security.spnego.isEnabled] 
      set attr_value          [list value true] 
      set attr_required       [list required false] 
      set attr_description    [list description "Enabled SPNEGO TAI"]
      
      set attrs [list $attr_name $attr_value $attr_required $attr_description]
      
      $AdminConfig create Property $cjvm $attrs
    • Jython:

      attr_name  = ['name', "com.ibm.ws.security.spnego.isEnabled"]
      attr_value = ['value', "true"]
      attr_required = ['required', "false"]
      attr_description = ['description', "Enabled SPNEGO TAI"]
      attr_list = [attr_name, attr_value, attr_required, attr_description]
      property=['systemProperties',[attr_list]]
      AdminConfig.modify(cjvm, [property])

  5. Save the configuration changes.
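
Steps 1 to 5 combined into one idempotent wsadmin Jython routine, as an added example that is not IBM's code: it checks whether the property already exists before changing anything, so a rerun does not append a duplicate entry or save needlessly. The function names and the convention of passing AdminConfig in as a parameter are assumptions of this example; mycell, mynode and server1 are the page's placeholders.

```python
# Added example, not IBM's code. Intended for wsadmin -lang jython, where the
# scripting client supplies the AdminConfig object passed in below.
SPNEGO_PROP = "com.ibm.ws.security.spnego.isEnabled"  # property name from step 4


def controller_jvm(admin_config, cell, node, server):
    """Steps 1-3: resolve the server and return its first (controller) JVM id."""
    path = "/Cell:%s/Node:%s/Server:%s/" % (cell, node, server)
    server_id = admin_config.getid(path)
    if not server_id:
        raise ValueError("server not found: " + path)
    jvms = admin_config.list("JavaVirtualMachine", server_id).splitlines()
    if not jvms:
        raise ValueError("no JavaVirtualMachine under " + server_id)
    return jvms[0]


def find_property(admin_config, jvm_id, name):
    """Return the config id of an existing JVM custom property, or None."""
    for prop_id in admin_config.list("Property", jvm_id).splitlines():
        if prop_id and admin_config.showAttribute(prop_id, "name") == name:
            return prop_id
    return None


def enable_spnego_tai(admin_config, cell, node, server):
    """Steps 4-5: make sure the property is 'true', save only if changed."""
    jvm_id = controller_jvm(admin_config, cell, node, server)
    existing = find_property(admin_config, jvm_id, SPNEGO_PROP)
    if existing is None:
        attrs = [["name", SPNEGO_PROP], ["value", "true"],
                 ["required", "false"], ["description", "Enabled SPNEGO TAI"]]
        admin_config.modify(jvm_id, [["systemProperties", [attrs]]])
        action = "created"
    elif admin_config.showAttribute(existing, "value") != "true":
        admin_config.modify(existing, [["value", "true"]])
        action = "updated"
    else:
        return "unchanged"   # already enabled, nothing to save
    admin_config.save()      # step 5
    return action
```

In a wsadmin session, call it as enable_spnego_tai(AdminConfig, "mycell", "mynode", "server1"); the return value says whether the property was created, updated or left unchanged.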


Related


Configure JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WAS (deprecated)
Use the wsadmin scripting AdminConfig object for scripted administration
Start the wsadmin scripting client using wsadmin.sh
Save configuration changes with wsadmin


Reference:

Commands for the AdminConfig object using wsadmin.sh
SPNEGO TAI JVM configuration custom properties (deprecated)

