You use the wsadmin utility to enable the Simple and Protected GSS-API Negotiation
Mechanism (SPNEGO) trust association interceptor (TAI) for WebSphere® Application
Server.
Before you begin
Before starting this task, the wsadmin tool must be running. See the information about
starting the wsadmin scripting client using wsadmin scripting. Deprecated feature:
In WebSphere
Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and
Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP
requests for secured resources was introduced. In WebSphere Application Server 7.0, this function is now
deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO
filters and to enable fallback to the application login method.
About this task
Perform the following steps to enable the SPNEGO TAI:
Procedure
-
Identify the server and assign it to the
server1
variable:
-
Using Jacl:
set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]
-
Using
Jython:
server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/")
print server1
Example output:
server1(cells/mycell/nodes/mynode|servers/seerver1|server.xml#Server_1)
-
Identify the Java™ virtual machine (JVM) belonging to this server and assign it to the
jvm
variable:
-
Using Jacl:
set jvm [$AdminConfig list JavaVirtualMachine $server1]
-
Using Jython:
jvm = AdminConfig.list('JavaVirtualMachine',server1)
Example output:
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1)
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)
-
Identify the controller JVM of the server:
-
Using Jacl:
-
Using
Jython:
# get line separator
import java
lineSeparator = java.lang.System.getProperty('line.separator')
arrayJVMs = jvm.split(lineSeparator)
cjvm = arrayJVMs[0]
-
Modify the generic JVM arguments to enable SPNEGO TAI:
-
Using Jacl:
set attr_name [list name com.ibm.ws.security.spnego.isEnabled]
set attr_value [list value true]
set attr_required [list required false]
set attr_description [list description "Enabled SPNEGO TAI"]
set attrs [list $attr_name $attr_value $attr_required $attr_description]
$AdminConfig create Property $cjvm $attrs
-
Using
Jython:
attr_name = ['name', "com.ibm.ws.security.spnego.isEnabled"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', "Enabled SPNEGO TAI"]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(cjvm, [property])
-
Save the configuration changes.