Tuesday, 4 December 2018

SPNEGO - Not working, now working

There's a theme to my blog posts these days: -

Docker for macOS - Broken, now fixed 

Maven and Spring and Liberty - Broken, now fixed 

Kerberos and Red Hat Enterprise Linux - Now friends

so this one is all about SPNEGO and Kerberos.

Having enabled WebSphere Application Server (WAS) 9 and Windows Server 2012 R2 to play nicely together with Kerberos/SPNEGO, I was STILL seeing a logon box in Internet Explorer 11: -




I'd already checked that Integrated Windows Authentication (IWA) was enabled; this now appears to be the default: -




*BUT* guess what I'd forgotten ?

Yep, I had NOT added the site: -

https://was.uk.ibm.com

to the appropriate zoneS in IE.

Now I'd already realised that IE11 no longer shows the internet/intranet/trusted zone in the status bar, BUT you can get a view using the [Alt] [F] [R] key sequence: -




Initially I added the site to the Trusted sites zone: -



but to no avail.

I then followed this: -

Configuring the client browser to use SPNEGO

and added the site to the Local intranet zone: -



which actually moves it from Trusted sites: -



and now it just works.


Nice :-)

No comments:

Fun with OpenSSL Certificate Requests and space characters in Subject Names

I've got a command within a Dockerfile that generates a Certificate Service Request, via the openssl req  command. This references an ...