WebSphere Application Server (WAS) and Single Sign-On (SSO) - Back to 2011

It's been a while since last I did this, but I'm revisiting the happy days of 2011, when first I setup WAS and SSO with Microsoft Active Directory, Kerberos and SPNEGO.

I even presented upon the topic in 2012: -

IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, Kerberos and SPNEGO

Whilst I've done the SPNEGO piece time and again, the thing that I'd not done in a while was to configure the fallback login page.

Thankfully, the IBM Connections documentation to which I referred back in 2012 is still there, albeit in more recent form: -

Configuring SPNEGO (and Kerberos optionally) on WebSphere Application Server

The significant thing is to create a fallback login page, using the HTML example here: -

Creating a redirect page for users without SPNEGO support

This was then hosted on the IBM HTTP Server (IHS) service that fronts the WAS 9 environment: -

/opt/ibm/HTTPServer/htdocs/NoSpnegoRedirect.html

which I then configured in WAS: -

Now, when I hit my servlet via a clean browser: -

https://was.uk.ibm.com:8443/HelloAgain/HelloAgain

I automatically get a login page: -

Note that the URL automatically gets ?noSPNEGO : -

https://was.uk.ibm.com:8443/HelloAgain/login.html?noSPNEGO

thanks to the filter criteria: -