Enabling the SPNEGO TAI as JVM custom property using scripting (deprecated)

You use the wsadmin utility to enable the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) for WebSphere® Application Server.

Before you begin

Before starting this task, the wsadmin tool must be running. See the information about starting the wsadmin scripting client using wsadmin scripting.
Deprecated feature:

In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method.

About this task

Perform the following steps to enable the SPNEGO TAI:

Procedure

  1. Identify the server and assign it to the server1 variable:

    • Using Jacl:

      set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]
    • Using Jython:
      server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/")
print server1
    Example output: 
    server1(cells/mycell/nodes/mynode|servers/seerver1|server.xml#Server_1)
  2. Identify the Java™ virtual machine (JVM) belonging to this server and assign it to the jvm variable:

    • Using Jacl:

      set jvm [$AdminConfig list JavaVirtualMachine $server1]
    • Using Jython:
      jvm = AdminConfig.list('JavaVirtualMachine',server1)
    Example output: 
    (cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1)
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)
  3. Identify the controller JVM of the server:

    • Using Jacl:

      set cjvm [lindex $jvm 0]
    • Using Jython:
      # get line separator
import java
lineSeparator = java.lang.System.getProperty('line.separator')
arrayJVMs = jvm.split(lineSeparator)
cjvm = arrayJVMs[0]
  4. Modify the generic JVM arguments to enable SPNEGO TAI:

    • Using Jacl:

      set attr_name          	[list name com.ibm.ws.security.spnego.isEnabled] 
set attr_value         	[list value true] 
set attr_required      	[list required false] 
set attr_description    [list description "Enabled SPNEGO TAI"]

set attrs [list $attr_name $attr_value $attr_required $attr_description]

$AdminConfig create Property $cjvm $attrs
    • Using Jython:
      attr_name  = ['name', "com.ibm.ws.security.spnego.isEnabled"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', "Enabled SPNEGO TAI"]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(cjvm, [property])
  5. Save the configuration changes.