Configuring JVM custom properties, filtering HTTP requests, and enabling SPNEGO TAI in WebSphere Application Server (deprecated)
Performing this task helps you, as web administrator, to ensure that WebSphere® Application Server is configured to enable the operation of the Simple and Protected GSS-API Negotiation mechanism (SPNEGO) trust association interceptor (TAI) with the required Java™ virtual machine (JVM) property and with the appropriate filtering of HTTP requests.
Before you begin

In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method.
depfeatAbout this task
The default behavior of the SPNEGO TAI is to not intercept HTTP requests. This default behavior ensures that the SPNEGO TAI can be installed into an existing cell, configured for a single application server and not change any other application servers in the cell. Other WebSphere Application Server can run exactly as before within a given configuration.
Procedure
- Log on to WebSphere Application Server administrative console.
- Click Servers > Application servers.
Select the appropriate server. Under Server Infrastructure, expand Java and process management > Process Definition.
Select the appropriate server. Under Server Infrastructure, expand Java and process management > Process Definition. Select Servant.
- Click Java virtual machine. Under Additional Properties, click Custom Properties. Create a new custom property, if required, by clicking New, then code com.ibm.ws.security.spnego.isEnabled in the name field and true in the value field.
- Click Apply > OK to save the configuration
Repeat step 3, but Select Control. Then repeat steps 4 and 5.
- Identify when the SPNEGO TAI intercepts a given request. A set of filter properties is provided, but you must determine what is appropriate and modify the com.ibm.ws.security.spnego.SPN<id>.filterClass accordingly.