Tuesday, 4 December 2018

WebSphere Application Server (WAS) and Single Sign-On (SSO) - Back to 2011

It's been a while since last I did this, but I'm revisiting the happy days of 2011, when first I setup WAS and SSO with Microsoft Active Directory, Kerberos and SPNEGO.

I even presented upon the topic in 2012: -

IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, Kerberos and SPNEGO

Whilst I've done the SPNEGO piece time and again, the thing that I'd not done in a while was to configure the fallback login page.

Thankfully, the IBM Connections documentation to which I referred back in 2012 is still there, albeit in more recent form: -

Configuring SPNEGO (and Kerberos optionally) on WebSphere Application Server

The significant thing is to create a fallback login page, using the HTML example here: -


This was then hosted on the IBM HTTP Server (IHS) service that fronts the WAS 9 environment: -

/opt/ibm/HTTPServer/htdocs/NoSpnegoRedirect.html

which I then configured in WAS: -


Now, when I hit my servlet via a clean browser: -

https://was.uk.ibm.com:8443/HelloAgain/HelloAgain

I automatically get a login page: -

Note that the URL automatically gets ?noSPNEGO : -

https://was.uk.ibm.com:8443/HelloAgain/login.html?noSPNEGO

thanks to the filter criteria: -



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...