You can configure your browser to utilize the Simple and Protected
GSS-API Negotiation (SPNEGO) mechanism. Authentication of your browser
requests is processed by the SPNEGO trust association interceptor (TAI) in
the WebSphere Application Server.
Before you begin
You need to know how to display and set options in the Microsoft Internet
Explorer browser or any other browser (such as Firefox). You must have a browser
installed that supports SPNEGO authentication.
About this task
Complete the following steps to ensure that your Microsoft Internet
Explorer browser is enabled to perform SPNEGO authentication.
Procedure
- At the desktop, log in to the Windows Active Directory domain.
- Activate Internet Explorer.
- In the Internet Explorer window, click Tools > Internet Options
> Security tab.
- Select the Local intranet icon and click Sites.
- In the Local intranet window, ensure that the check box to include
all local (intranet) sites not listed in other zones is selected, then click Advanced.
- In the Local intranet window, fill in the Add this Web site
to the zone field with the Web address of the host name so that single
sign-on (SSO) can be enabled for it, and add it to the list of Web sites shown in the Web sites
field. Your site information technology staff provides this information. Click OK to
complete this step and close the Local intranet window.
- On the Internet Options window, click the Advanced tab
and scroll to Security settings. Ensure that the Enable Integrated
Windows Authentication (requires restart) box is selected.
- Click OK. Restart your Microsoft Internet Explorer to activate
this configuration.
Results
Complete the following steps to ensure that your Firefox browser
is enabled to perform SPNEGO authentication.
- At the desktop, log in to the Windows Active Directory domain.
- Activate Firefox.
- At the address field, type about:config.
- In the Filter, type network.n
- Double-click network.negotiate-auth.trusted-uris. This preference
lists the sites that are permitted to engage in SPNEGO Authentication with
the browser. Enter a comma-delimited list of trusted domains or URLs.
Note: You must set the value for network.negotiate-auth.trusted-uris.
- If the deployed SPNEGO solution is using the advanced Kerberos feature
of Credential Delegation, double-click network.negotiate-auth.delegation-uris.
This preference lists the sites for which the browser may delegate user authorization
to the server. Enter a comma-delimited list of trusted domains or URLs.
- Click OK. The configuration appears as updated.
- Restart your Firefox browser to activate this configuration.
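An added example, not part of the original documentation: a Python check that reads the two Firefox preferences set in the steps above from prefs.js-style text and flags entries that are broader than a single intranet host. The sample preference text and host names are constructed, and the three checks are assumed review policy, not product requirements.

```python
import re

TRUSTED = "network.negotiate-auth.trusted-uris"
DELEGATION = "network.negotiate-auth.delegation-uris"
PREF_RE = re.compile(r'user_pref\("(network\.negotiate-auth\.[\w.-]+)",\s*"([^"]*)"\);')

# Constructed sample in prefs.js syntax; host names are placeholders.
SAMPLE_PREFS = """
user_pref("network.negotiate-auth.trusted-uris", "https://was.example.com, https://, http://apps.example.com");
user_pref("network.negotiate-auth.delegation-uris", "https://was.example.com, https://other.example.com");
"""

def parse_prefs(text):
    """Return {preference name: [entries]} for the negotiate-auth preferences."""
    return {name: [e.strip() for e in value.split(",") if e.strip()]
            for name, value in PREF_RE.findall(text)}

def audit(text):
    """Return (preference, entry, finding) tuples for entries worth reviewing."""
    prefs = parse_prefs(text)
    trusted = prefs.get(TRUSTED, [])
    delegated = prefs.get(DELEGATION, [])
    findings = []
    if not trusted:
        findings.append((TRUSTED, "", "no value set"))
    for name, entries in ((TRUSTED, trusted), (DELEGATION, delegated)):
        for entry in entries:
            if re.fullmatch(r"https?://", entry):
                # A bare scheme matches every site that uses that scheme.
                findings.append((name, entry, "scheme only, matches every site"))
            elif entry.startswith("http://"):
                findings.append((name, entry, "cleartext http site"))
    for entry in delegated:
        # Assumed policy: delegation is granted only to sites that are also trusted.
        if entry not in trusted:
            findings.append((DELEGATION, entry, "delegated but not in trusted list"))
    return findings

if __name__ == "__main__":
    for name, entry, finding in audit(SAMPLE_PREFS):
        print(f"{name}: {entry!r}: {finding}")
```
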
Your Internet browser is properly configured for SPNEGO authentication.
You can use applications that are deployed in WebSphere Application Server
that use secured resources without being repeatedly prompted for an ID and
password.