Configuring the client browser to use SPNEGO
You can configure your browser to utilize the Simple and Protected GSS-API Negotiation (SPNEGO) mechanism.
Before you begin
About this task
- At the desktop, log in to the windows active directory domain.
- Activate Firefox.
- At the address field, type about:config.
- In the Filter, type network.n
- Double click on network.negotiate-auth.trusted-uris. This preference lists the sites that
are permitted to engage in SPNEGO Authentication with the browser. Enter a comma-delimited list of
trusted domains or URLs. Note: You must set the value for network.negotiate-auth.trusted-uris.
- If the deployed SPNEGO solution is using the advanced Kerberos feature of Credential Delegation double click on network.negotiate-auth.delegation-uris. This preference lists the sites for which the browser may delegate user authorization to the server. Enter a comma-delimited list of trusted domains or URLs.
- Click OK. The configuration appears as updated.
- Restart your Firefox browser to activate this configuration.
Results
Your Internet browser is properly configured for SPNEGO authentication. You can use applications that are deployed in WebSphere® Application Server that use secured resources without being repeatedly requested for a user ID and password.
Note: If
you are prompted multiple times for a user ID and password, make sure
that you enabled SPNEGO support on your client browser per the previous
instructions. You must also make sure that the Allow fall back
to application authentication mechanism support option is enabled
on the WebSphere Application Server server
side.