Creating single sign-ons for HTTP requests using the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) web authentication for WebSphere® Application Server requires the performance of several distinct, yet related functions that when completed, allow HTTP users to log in and authenticate to the Microsoft domain controller only once at their desktop and to receive automatic authentication from the WebSphere Application Server.
In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. This function was deprecated in WebSphere Application Server Version 7.0. SPNEGO web authentication has taken its place to provide the following enhancements:
You can enable either SPNEGO TAI or SPNEGO Web Authentication but not both.
Read about Single sign-on for HTTP requests using SPNEGO web authentication for a better understanding of what SPNEGO Web Authentication is and how it is supported in this version of WebSphere Application Server.
Before starting this task, complete the following checklist:
The objective of this machine arrangement is to permit users to successfully access WebSphere Application Server resources without having to authenticate again and thus achieve Microsoft Windows desktop single sign-on capability.
Continue with the following steps to create a single sign-on for HTTP requests using SPNEGO Web authentication: