Modifying SPNEGO TAI properties using the wsadmin utility (deprecated)
You use the wsadmin utility to modify the properties in the configuration of the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) for WebSphere® Application Server.
About this task

In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server 7.0, this function is now deprecated. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method.
depfeatVerify that end-user desktop browsers are configured to support SPNEGO authentication, that the SPNEGO TAI is enabled, that the Java™ virtual machine (JVM) property is set and, that WebSphere Application Server is configured to enable the operation of the SPNEGO TAI.
You use the wsadmin utility to configure the SPNEGO TAI for WebSphere Application Server:Procedure
Results
Example
- Example 1
- The following example configures the SPNEGO TAI to intercept HTTP requests that contain
IE 6 in the user agent request header. The SPNEGO TAI uses the SPN of
HTTP/myhost.ibm.com@<default_realm> to authenticate the request originator. Then the example
modifies the value of the filter custom property that was defined and changes it from
user-agent%=IE 6 to
host==myhost.company.com.
$AdminTask addSpnegoTAIProperties -host myhost.ibm.com -filter user-agent%=IE 6 $AdminTask modifySpnegoTAIProperties -spnId 1 -filter host==myhost.company.com
- Example 2
- This is an example of modifying the SPNEGO TAI for SPN1 properties to add a filter for host
central01.austin.ibm.com.
wsadmin>$AdminTask modifySpnegoTAIProperties -interactive Modify SPNEGO TAI properties Modify SPNEGO TAI configuration properties *Service Principal Name identifier (spnId): 1 Host name in Service Principal Name (host): central01.austin.ibm.com HTTP header filter rule (filter): request-url!=noSPNEGO;request-url%=snoop Name of class used to filter HTTP requests (filterClass): SPNEGO not supported browser response (noSpnegoPage): NTLM Token received browser response (ntlmTokenPage): Trim User Name browser response (trimUserName): Modify SPNEGO TAI properties F (Finish) C (Cancel) Select [F, C]: [F] f WASX7278I: Generated command line: $AdminTask modifySpnegoTAIProperties {-spnId 1 -host w2003secdev.austin.ibm.com -filter request-url!=noSPNEGO;request-url%=sn oop} com.ibm.ws.security.spnego.SPN1.filter=request-url!=noSPNEGO;request-url%=snoop com.ibm.ws.security.spnego.SPN1.hostName=central01.austin.ibm.com wsadmin>