Spnego Authentication (spnego)

Controls the operation of the Simple and Protected GSS-API Negotiation Mechanism.

Attribute name Data type Default value Description
authFilterRef A reference to top level authFilter element (string).   Specifies the authentication filter reference.
canonicalHostName boolean true Controls whether you want to use the canonical host name.
disableFailOverToAppAuthType boolean true Specifies that SPNEGO is used to log in to WebSphere Application Server first. However, if the login fails, then the application authentication mechanism is used to log in to the WebSphere Application Server.
includeClientGSSCredentialInSubject boolean true Specifies whether the client delegation credentials should be stored in a client subject.
krb5Config string   Specifies the fully qualified Kerberos configuration path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path.
krb5Keytab string   Specifies the fully qualified Kerberos keytab path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path. The Kerberos keytab file contains a list of keys that are analogous to user passwords. It is important for hosts to protect their Kerberos keytab files by storing them on the local disk.
ntlmTokenReceivedErrorPageURL string   Specifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response, which is displayed by the browser client application.
servicePrincipalNames string   Specifies a list of Kerberos service principal names separated by a comma.
spnegoNotSupportedErrorPageURL string   Specifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response that is displayed by the browser client application if it does not support SPNEGO authentication.
trimKerberosRealmNameFromPrincipal boolean true Specifies whether SPNEGO removes the suffix of the Kerberos principal user name, starting from the @ that precedes the Kerberos realm name. If this attribute is set to true, the suffix of the principal user name is removed. If this attribute is set to false, the suffix of the principal name is retained.
authFilter
Description: Specifies the authentication filter reference.
Required: false
Data type:
authFilter > host
Description: A unique configuration ID.
Required: false
Data type:
Attribute name Data type Default value Description
id string   A unique configuration ID.
matchType
  • equals
  • contains
  • notContain
contains Specifies the match type.
equals
Equals
contains
Contains
notContain
Not contain
name string   Specifies the name.
authFilter > remoteAddress
Description: A unique configuration ID.
Required: false
Data type:
Attribute name Data type Default value Description
id string   A unique configuration ID.
ip string   Specifies the IP address.
matchType
  • lessThan
  • equals
  • greaterThan
  • contains
  • notContain
contains Specifies the match type.
lessThan
Less than
equals
Equals
greaterThan
Greater than
contains
Contains
notContain
Not contain
authFilter > requestUrl
Description: A unique configuration ID.
Required: false
Data type:
Attribute name Data type Default value Description
id string   A unique configuration ID.
matchType
  • equals
  • contains
  • notContain
contains Specifies the match type.
equals
Equals
contains
Contains
notContain
Not contain
urlPattern string   Specifies the URL pattern.
authFilter > userAgent
Description: A unique configuration ID.
Required: false
Data type:
Attribute name Data type Default value Description
agent string   Specifies the user agent
id string   A unique configuration ID.
matchType
  • equals
  • contains
  • notContain
contains Specifies the match type.
equals
Equals
contains
Contains
notContain
Not contain
authFilter > webApp
Description: A unique configuration ID.
Required: false
Data type:
Attribute name Data type Default value Description
id string   A unique configuration ID.
matchType
  • equals
  • contains
  • notContain
contains Specifies the match type.
equals
Equals
contains
Contains
notContain
Not contain
name string   Specifies the name.

Icon that indicates the type of topic Reference topic



Timestamp icon Last updated: Saturday, 3 December 2016
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=rwlp_config_spnego
File name: rwlp_config_spnego.html