You use the wsadmin utility to enable the Simple and Protected
GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor
(TAI) for WebSphere® Application Server.
Before you begin
Before starting this task, the wsadmin tool must be running.
See the information about starting the wsadmin scripting client using
wsadmin scripting. Deprecated feature: In WebSphere Application
Server Version 6.1, a trust association interceptor (TAI) that uses
the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to
securely negotiate and authenticate HTTP requests for secured resources
was introduced. In WebSphere Application Server
7.0, this function is now deprecated. SPNEGO web authentication has
taken its place to provide dynamic reload of the SPNEGO filters and
to enable fallback to the application login method.
About this task
Perform the following steps to enable the SPNEGO TAI:
Procedure
- Identify the server and assign it to the
server1
variable:
Using Jacl:
set server1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]
Using
Jython:
server1 = AdminConfig.getid("/Cell:mycell/Node:mynode/Server:server1/")
print server1
Example output:
server1(cells/mycell/nodes/mynode|servers/seerver1|server.xml#Server_1)
- Identify the Java™ virtual
machine (JVM) belonging to this server and assign it to the
jvm
variable:
Using Jacl:
set jvm [$AdminConfig list JavaVirtualMachine $server1]
Using
Jython:
jvm = AdminConfig.list('JavaVirtualMachine',server1)
Example output:
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_1)
(cells/mycell/nodes/mynode/servers/server1:server.xml#JavaVirtualMachine_2)
- Identify the controller JVM of the server:
Using Jacl:
Using
Jython:
# get line separator
import java
lineSeparator = java.lang.System.getProperty('line.separator')
arrayJVMs = jvm.split(lineSeparator)
cjvm = arrayJVMs[0]
- Modify the generic JVM arguments to enable SPNEGO TAI:
Using Jacl:
set attr_name [list name com.ibm.ws.security.spnego.isEnabled]
set attr_value [list value true]
set attr_required [list required false]
set attr_description [list description "Enabled SPNEGO TAI"]
set attrs [list $attr_name $attr_value $attr_required $attr_description]
$AdminConfig create Property $cjvm $attrs
Using
Jython:
attr_name = ['name', "com.ibm.ws.security.spnego.isEnabled"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', "Enabled SPNEGO TAI"]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(cjvm, [property])
- Save the configuration changes.