Tuesday, 4 December 2018

SPNEGO - Not working, now working

There's a theme to my blog posts these days: -

Docker for macOS - Broken, now fixed 

Maven and Spring and Liberty - Broken, now fixed 

Kerberos and Red Hat Enterprise Linux - Now friends

so this one is all about SPNEGO and Kerberos.

Having enabled WebSphere Application Server (WAS) 9 and Windows Server 2012 R2 to play nicely together with Kerberos/SPNEGO, I was STILL seeing a logon box in Internet Explorer 11: -

I'd already checked that Integrated Windows Authentication (IWA) was enabled; this now appears to be the default: -

*BUT* guess what I'd forgotten ?

Yep, I had NOT added the site: -


to the appropriate zoneS in IE.

Now I'd already realised that IE11 no longer shows the internet/intranet/trusted zone in the status bar, BUT you can get a view using the [Alt] [F] [R] key sequence: -

Initially I added the site to the Trusted sites zone: -

but to no avail.

I then followed this: -

Configuring the client browser to use SPNEGO

and added the site to the Local intranet zone: -

which actually moves it from Trusted sites: -

and now it just works.

Nice :-)

No comments:

Grokking grep

A colleague was tinkering with grep  and, thanks to him, I discovered a bit more about the trusty little utility. I had not really explored ...