SPNEGO web authentication filter commands
Use wsadmin commands to add, modify, delete, or show Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) Web authentication filters in the security configuration.
Add SPNEGO web authentication filter
Use the addSpnegoFilter command to add a new SPNEGO web authentication filter in the security configuration.
At the wsadmin prompt, enter the following command for help:
Option | Description |
---|---|
<hostName> | This parameter is required. Use to supply a fully-qualified host name. |
<krb5Realm> | This parameter is not required. Use to supply a Kerberos realm name. If the krb5Realm parameter is not specified, the default Kerberos realm name in the Kerberos configuration file is used. |
<filterCriteria> | This parameter is not required. Use to supply the HTTP request filter rules. If the filterCriteria parameter is not specified, all of the HTTP requests are authenticated by SPNEGO. |
<filterClass> | This parameter is not required. Use to supply the HTTP request filter rules. If the filterClass parameter is not specified, the default filter class, com.ibm.ws.security.spnego.HTTPHeaderFilter, is used. |
<trimUserName> | This parameter is not required. Use to indicate whether the Kerberos realm name is to be removed from the Kerberos principal name. |
<enabledGssCredDelegate> | This parameter is not required. Use to indicate whether to extract and place the client GSS delegation credential in the subject. The default value is true. |
<spnegoNotSupportedPage> | This parameter is not required. Use to supply the uniform resource identifier (URI) of the resource with a response to be used when SPNEGO is not supported. If this parameter is not specified, the default SPNEGO not supported error page is used. |
<ntlmTokenReceivedPage> | This parameter is not required. Use to supply the URI of the resource with a response to be used when an NT LAN manager (NTLM) token is received. If this parameter is not specified, the default NTLM token received error page is used. |
wsadmin>$AdminTask addSpnegoFilter {
-hostName ks.austin.ibm.com
-krb5Realm WSSEC.AUSTIN.IBM.COM}
Modify SPNEGO web authentication filter
Use the modifySpnegoFilter command to modify SPNEGO filter attributes in the security configuration.
At the wsadmin prompt, enter the following command for help:
Option | Description |
---|---|
<hostName> | This parameter is required. Use to supply a long host name. The hostname is an identifier, so you can not modify the hostname. |
<krb5Realm> | This parameter is not required. Use to supply a Kerberos realm name. If the krb5Realm parameter is not specified, the default Kerberos realm name in the Kerberos configuration file is used. |
<filterCriteria> | This parameter is not required. Use to supply
the HTTP request filter rules. If the filterCriteria parameter is
not specified, all of the HTTP requests are authenticated by SPNEGO. Note: For
more information about filter criteria, read the topic Enabling and
configuring SPNEGO web authentication using the administrative console.
|
<filterClass> | This parameter is not required. Use to supply the HTTP request filter rules. If the filterClass is not specified, the default filter class, com.ibm.ws.security.spnego.HTTPHeaderFilter, is used. |
<trimUserName> | This parameter is not required. Use to indicate whether the Kerberos realm name is to be removed from the Kerberos principal name. |
<enabledGssCredDelegate> | This parameter is not required. Use to indicate whether to extract and place the client GSS delegation credential in the subject. The default value is true. |
<spnegoNotSupportedPage> | This parameter is not required. Use to supply the URI of the resource with a response to be used when SPNEGO is not supported. If this parameter is not specified, the default SPNEGO not supported error page is used. |
<ntlmTokenReceivedPage> | This parameter is not required. Use to supply the URI of the resource with a response to be used when an NTLM token is received. If this parameter is not specified, the default NTLM token received error page is used. |
wsadmin>$AdminTask modifySpnegoFilter {
-hostName ks.austin.ibm.com
-krb5Realm WSSEC.AUSTIN.IBM.COM}
Delete SPNEGO web authentication filter
Use the deleteSpnegoFilter command to remove SPNEGO a web authentication filter from the security configuration. If a host name is not specified, all of the SPNEGO web authentication filters are removed.
At the wsadmin prompt, enter the following command for help:
Option | Description |
---|---|
<hostname> | This parameter is required. If the hostname is not specified, all of the SPNEGO web authentication filters are deleted. |
wsadmin> $AdminTask deleteSpnegoFilter {-hostName ks.austin.ibm.com}
Show SPNEGO web authentication filter
Use the showSpnegoFilter command to display a SPNEGO web authentication filter in the security configuration. If a host name is not specified, all of the SPNEGO filters are displayed.
At the wsadmin prompt, enter the following command for help:
Option | Description |
---|---|
<hostname> | This parameter is optional. If a long host name is not specified, all of the SPNEGO web authentication filters are displayed. |
wsadmin> $AdminTask showSpnegoFilter {-hostName ks.austin.ibm.com}