spnego - Spnego Authentication (spnego)

Controls the operation of the Simple and Protected GSS-API Negotiation Mechanism.

NameTypeDefaultDescription
authFilterRefA reference to top level authFilter element (string).Specifies the authentication filter reference.
canonicalHostNamebooleantrueControls whether you want to use the canonical host name.
krb5ConfigstringSpecifies the fully qualified Kerberos configuration path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path.
krb5KeytabstringSpecifies the fully qualified Kerberos keytab path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path. The Kerberos keytab file contains a list of keys that are analogous to user passwords. It is important for hosts to protect their Kerberos keytab files by storing them on the local disk.
servicePrincipalNamesstringSpecifies a list of Kerberos service principal names separated by a comma.
disableFailOverToAppAuthTypebooleantrueSpecifies that SPNEGO is used to log in to WebSphere Application Server first. However, if the login fails, then the application authentication mechanism is used to log in to the WebSphere Application Server.
spnegoNotSupportedErrorPageURLstringSpecifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response that is displayed by the browser client application if it does not support SPNEGO authentication.
ntlmTokenReceivedErrorPageURLstringSpecifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response, which is displayed by the browser client application.
trimKerberosRealmNameFromPrincipalbooleantrueSpecifies whether SPNEGO removes the suffix of the Kerberos principal user name, starting from the @ that precedes the Kerberos realm name. If this attribute is set to true, the suffix of the principal user name is removed. If this attribute is set to false, the suffix of the principal name is retained.
includeClientGSSCredentialInSubjectbooleantrueSpecifies whether the client delegation credentials should be stored in a client subject.

authFilter

Specifies the authentication filter reference.

authFilter > webApp

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.
namestringSpecifies the name.
matchType
  • contains
  • notContain
  • equals
containsSpecifies the match type.
contains
Contains
notContain
Not contain
equals
Equals

authFilter > requestUrl

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.
urlPatternstringSpecifies the URL pattern.
matchType
  • contains
  • notContain
  • equals
containsSpecifies the match type.
contains
Contains
notContain
Not contain
equals
Equals

authFilter > remoteAddress

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.
matchType
  • contains
  • notContain
  • equals
  • lessThan
  • greaterThan
containsSpecifies the match type.
contains
Contains
notContain
Not contain
equals
Equals
lessThan
Less than
greaterThan
Greater than
ipstringSpecifies the IP address.

authFilter > host

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.
namestringSpecifies the name.
matchType
  • contains
  • notContain
  • equals
containsSpecifies the match type.
contains
Contains
notContain
Not contain
equals
Equals

authFilter > userAgent

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.
agentstringSpecifies the user agent
matchType
  • contains
  • notContain
  • equals
containsSpecifies the match type.
contains
Contains
notContain
Not contain
equals
Equals