I am adding this to my required reading list for projects where Kerberos and SPNEGO are used to deliver desktop Single Sign-On with WebSphere Application Server: -
Summary: The Simple and Protected GSS-API Negotiation (SPNEGO) trust association interceptor (TAI) in IBM® WebSphere® Application Server V6.1 and in the SPNEGO Web Authentication feature in WebSphere Application Server V7.0 can be a powerful tool to achieve a seamless single sign-on environment between Microsoft® Windows® desktops and WebSphere-based servers. However, some users have trouble configuring service principal names when using SPNEGO. This article describes some best practices for configuring Microsoft Active Directory when using SPNEGO with WebSphere Application Server. (Updated for WebSphere Application Server Versions 6.1 and 7.0.)
• Users with WebSphere Application Server Version 5.1.1.x and 6.0.x can obtain a custom service offering solution from IBM Software Services for WebSphere (ISSW). This solution comes with the source code, and you maintain the custom code yourself. To obtain more information about the ISSW SPNEGO TAI services offering for WebSphere Application Server V5.1.1 and V6.0, contact IBM Software Services for WebSphere.
• WebSphere Application Server Version 6.1 ships a TAI based upon the ISSW version mentioned above, which is a fully supported product code. However, you do not get the source code with this version.
• WebSphere Application Server V7.0 includes SPNEGO function via a new SPNEGO Web Authentication. (V7.0 still ships, but has deprecated, the SPNEGO TAI.)
as I'd previously assumed that WAS did not include native SPNEGO support until 126.96.36.199. In fact, we shipped SPNEGO in WAS 6.1, but have moved to a new SPNEGO Web Authentication module in v7.
All good stuff …..
Will add this to my existing presentation for WAS and SPNEGO ( as delivered at Social Connections II in Cardiff last year )
Oracle DB - Broken, now Fixed
Fri, Apr 18th 2014 1:25p Dave Hay So I managed to break my Oracle 11g database, and have now fixed it. The symptom was that, although Oracle was started, it wasn't really started. I kept getting "Connected to an idle instance" and "ORA-01034: ORACLE not available" as per the following: - sqlplus / as sysdba SQL*Plus: Release 188.8.131.52.0 Production on Fri Apr 18 19:53:56 2014 Copyright (c) 1982, 2009, Oracle. All rights reserved. Connected to an idle instance. SQL> SELECT owner, table_name FROM dba_tables where owner [read] Keywords: acl
Interesting exception seen whilst starting IBM Business Process Manager 184.108.40.206
Tue, Apr 15th 2014 1:45p Dave Hay So I saw this exception: - [15/04/14 19:25:40:071 BST] 00000001 WsServerImpl E WSVR0009E: Error occurred during startup com.ibm.ws.exception.RuntimeError: Exception while verifying the datasource version: failed to get stardard DB version by jndi jdbc/PerformanceDB ( Yes, that's correct - it did say stardard DB version !! ) This occurred whilst I was starting the Support cluster of an IBM BPM 220.127.116.11 Advanced environment. From a bit of digging about, it looks like I failed to completely crea [read] Keywords: ibm
Issues with BPMDeleteSnapshot and BPMSnapshotCleanup commands in IBM Business Process Manager (BPM)
Mon, Apr 14th 2014 10:06a Dave Hay This Flash from IBM Support was released today: - Issues with BPMDeleteSnapshot and BPMSnapshotCleanup commands in IBM Business Process Manager (BPM) Because issues have been discovered with the BPMDeleteSnapshot and BPMSnapshotCleanup commands, these commands require the interim fixes that are listed in the Content section. Do not use these commands without applying all of the interim fixes for your release. The snapshot deletion commands do not delete all of the related artifacts, which pote [read] Keywords: ibm
IBM Business Monitor - Unable to delete BusinessSpaces
Tue, Apr 8th 2014 8:25a Dave Hay One of my clients hit an interesting issue with IBM Business Monitor 18.104.22.168, that'd likely affect any product using BusinessSpace, including Business Process Manager. This was a newly minted environment, and we were quite able to create Business Spaces, but we were unable to delete them. There were no obvious exceptions in the WAS logs or in the underlying Oracle database. It was a bit of a puzzler. At my suggestion, the client raised a PMR with IBM Support, which came up trumps. The client me [read] Keywords: access control list
IBM Installation Manager - What's actually installed ?
Mon, Apr 7th 2014 7:05a Dave Hay So I've blogged about this particular command before: - $ /opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledPackages which returns: - com.ibm.cic.agent_22.214.171.12420831_1216 com.ibm.websphere.MON.V80_8.0.1002.20131028_1518 com.ibm.websphere.ND.v80_126.96.36.19931205_0207 com.ibm.ws.cognos.v1011.linuxia64_10.1.1.20121103_1244 but we also have this: - /opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledPackages -features -long /opt/IBM/InstallationManager/eclipse : com.ibm.cic.agen [read] Keywords: ibm