Configuring a SPNEGO filter in WebSphere Application Server

Configuring a SPNEGO filter in WebSphere Application Server for compatibility with 5.x client versions

About this task

Note: If your organization has Rational® Team Concert® 5.x Eclipse clients, you must configure WebSphere® Application Server with SPNEGO authentication with a special filter. Similarly, if you add Rational Quality Manager to your deployment and use Rational Quality Manager native clients, you must configure WebSphere Application Server with SPNEGO authentication with this filter.

Fallback authentication and the SPNEGO filter function independently. For example, if you configure a filter for new clients, you can still disable fallback authentication.

Procedure

  1. Open the WebSphere Application Server Integrated Solutions Console.
  2. Click Security > Global Security > Web and SIP security > SPNEGO web authentication.
  3. In the SPNEGO Filters section, select the appropriate Key Distribution Center (KDC) host name.
  4. Under General Properties, in the Filter criteria field, enter the following value.
    user-agent^=Mozilla|Opera|spnego-enabled
    Note: The user-agent property selectively enables SPNEGO for web clients and version 6.0 Eclipse clients that support Kerberos/SPNEGO authentication. Older clients are challenged with application authentication; these clients are not served with Kerberos/SPNEGO authentication.
  5. Repeat steps 3 and 4 for each host name that serves clients.