I am adding this to my required reading list for projects where Kerberos and SPNEGO are used to deliver desktop Single Sign-On with WebSphere Application Server: -
Summary: The Simple and Protected GSS-API Negotiation (SPNEGO) trust association interceptor (TAI) in IBM® WebSphere® Application Server V6.1 and in the SPNEGO Web Authentication feature in WebSphere Application Server V7.0 can be a powerful tool to achieve a seamless single sign-on environment between Microsoft® Windows® desktops and WebSphere-based servers. However, some users have trouble configuring service principal names when using SPNEGO. This article describes some best practices for configuring Microsoft Active Directory when using SPNEGO with WebSphere Application Server. (Updated for WebSphere Application Server Versions 6.1 and 7.0.)
• Users with WebSphere Application Server Version 5.1.1.x and 6.0.x can obtain a custom service offering solution from IBM Software Services for WebSphere (ISSW). This solution comes with the source code, and you maintain the custom code yourself. To obtain more information about the ISSW SPNEGO TAI services offering for WebSphere Application Server V5.1.1 and V6.0, contact IBM Software Services for WebSphere.
• WebSphere Application Server Version 6.1 ships a TAI based upon the ISSW version mentioned above, which is a fully supported product code. However, you do not get the source code with this version.
• WebSphere Application Server V7.0 includes SPNEGO function via a new SPNEGO Web Authentication. (V7.0 still ships, but has deprecated, the SPNEGO TAI.)
as I'd previously assumed that WAS did not include native SPNEGO support until 18.104.22.168. In fact, we shipped SPNEGO in WAS 6.1, but have moved to a new SPNEGO Web Authentication module in v7.
All good stuff …..
Will add this to my existing presentation for WAS and SPNEGO (as delivered at Social Connections II in Cardiff last year).