Configuring single sign-on using trust association
This task is performed to enable single sign-on using trust association. Trust association is used to connect reversed proxy servers to the application server.
Before you begin
Note: Use of TAIs for Simple and Protected
GSS-API Negotiation
Mechanism (SPNEGO) authentication is deprecated in this release. The
SPNEGO web authentication panels provide a much easier and less error-prone
way to configure SPNEGO.
To establish the trust association for the single sign-on, perform the following steps:
Procedure
- From the administrative console for WebSphere® Application Server, click Security > Global security.
- From Authentication mechanisms, click Web and SIP security > Trust association.
- Select the Enable trust association option.
- Under Additional properties, click the Interceptors link.
- Click com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus to use a WebSEAL interceptor, or com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl to use a SPNEGO interceptor.
- Under Custom properties, select a custom property to edit or click New to create a new one. Enter the property name and value pairs.
- Click OK.
- Save the configuration and log out.
- Restart WebSphere Application Server.