You configure WebSphere Application Server to use SPNEGO
authentication, as part of configuration to use Windows desktop single
sign-on with InfoSphere® Information Governance Catalog or IBM® Glossary Anywhere.
About this task
You configure WebSphere® Application Server to
recognize the Kerberos keytab file. As part of this configuration,
you enter predefined filter criteria for InfoSphere Information Governance Catalog.
Procedure
- Follow the instructions from step 1 through step 8a for
enabling and configuring SPNEGO web authentication for WebSphere Application Server:
Note: On the WebSphere Application Server Integrated
Console Security > Global Security page,
make sure that in the Authentication section, Authentications
mechanisms and expiration is set to LPTA.
Do not select Kerberos and LPTA or SWAM
(Deprecated).
- Complete step 8b by entering the Kerberos realm name that
you configured in Active Directory.
- Use the following filter criteria to complete step 8c in
the instructions linked to above:
request-url^=ibm/iis/igc/services|ibm/iis/igc/secure;request-url!=noSPNEGO
- Complete step 8g in the instructions linked to in step
1: Select Trim Kerberos realm from principal name.
- Complete the remaining steps in the instructions for enabling
and configuring SPNEGO web authentication.