Friday, 27 April 2012

Single sign-on for HTTP requests using SPNEGO web authentication

You can securely negotiate and authenticate HTTP requests for secured resources in WebSphere® Application Server by using the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) as the web authentication service for WebSphere Application Server.

Note: In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. 

This function was deprecated in WebSphere Application Server Version 7.0. SPNEGO web authentication has taken its place to provide the following enhancements:
• You can configure and enable SPNEGO web authentication and filters on WebSphere Application Server by using the administrative console.
• Dynamic reload of SPNEGO is provided without the need to stop and restart WebSphere Application Server.
• Fallback to an application login method is provided if the SPNEGO web authentication fails.
• SPNEGO can be customized at the WebSphere security domain level.

You can enable either SPNEGO TAI or SPNEGO Web Authentication but not both.

No comments: