361 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
Latest 7 Posts
IBM Business Monitor - some FAQs
Thu, Nov 27th 2014 28
IBM Integration Bus - Port Reporting
Thu, Nov 27th 2014 43
IBM HTTP Server - maintenance mode
Thu, Nov 27th 2014 112
Help - The Proxy Ate My Process Designer
Sat, Nov 22nd 2014 106
Lessons Learned - WebSphere MQ, Clustering and Message Driven Beans
Sat, Nov 22nd 2014 93
DB2 Buffer Pools - Automagically tuning
Fri, Nov 21st 2014 94
IBM Business Process Manager - Missing the Bus
Fri, Nov 21st 2014 92
Top 10
Silently installing WebSphere Application Server Network Deployment 8.5 - no GUIs here
Wed, Oct 3rd 2012 576
java.security.cert.CertPathValidatorException: Certificate chaining error seen with IBM Business Process Manager v8
Mon, Dec 3rd 2012 567
WAS to DB2 - Null userid is not supported. ERRORCODE=-4461, SQLSTATE=42815
Wed, Aug 14th 2013 473
CWWIM4529E and SECJ0369E seen when authenticating a user in WebSphere Application Server
Tue, Apr 9th 2013 396
WAS - How to clear the WebSphere class caches
Mon, Feb 10th 2014 372
IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)
Mon, Oct 20th 2014 348
VMware - Where the X is my X ?
Sat, Oct 18th 2014 334
SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined.
Fri, Aug 16th 2013 321
Secure in my CUPS
Fri, Feb 8th 2013 318
Interim Fixes for 9.0.1.x IBM Notes, IBM Domino & IBM iNotes
Tue, Oct 21st 2014 294

Administering SPNEGO within WebSphere Application Server: Tips on using Kerberos service principal names

I am adding this to my required reading list for projects where Kerberos and SPNEGO are used to deliver desktop Single Sign-On with WebSphere Application Server: -

Summary:  The Simple and Protected GSS-API Negotiation (SPNEGO) trust association interceptor (TAI) in IBM® WebSphere® Application Server V6.1 and in the SPNEGO Web Authentication feature in WebSphere Application Server V7.0 can be a powerful tool to achieve a seamless single sign-on environment between Microsoft® Windows® desktops and WebSphere-based servers. However, some users have trouble configuring service principal names when using SPNEGO. This article describes some best practices for configuring Microsoft Active Directory when using SPNEGO with WebSphere Application Server. (Updated for WebSphere Application Server Versions 6.1 and 7.0.)

This paragraph is especially useful: _

• Users with WebSphere Application Server Version 5.1.1.x and 6.0.x can obtain a custom service offering solution from IBM Software Services for WebSphere (ISSW). This solution comes with the source code, and you maintain the custom code yourself. To obtain more information about the ISSW SPNEGO TAI services offering for WebSphere Application Server V5.1.1 and V6.0, contact IBM Software Services for WebSphere.

• WebSphere Application Server Version 6.1 ships a TAI based upon the ISSW version mentioned above, which is a fully supported product code. However, you do not get the source code with this version.

• WebSphere Application Server V7.0 includes SPNEGO function via a new SPNEGO Web Authentication. (V7.0 still ships, but has deprecated, the SPNEGO TAI.)

as I'd previously assumed that WAS did not include native SPNEGO support until In fact, we shipped SPNEGO in WAS 6.1, but have moved to a new SPNEGO Web Authentication module in v7.

All good stuff …..

Will add this to my existing presentation for WAS and SPNEGO ( as delivered at Social Connections II in Cardiff last year )

Apr 21, 2012
38 hits

Recent Blog Posts

IBM Business Monitor - some FAQs
Thu, Nov 27th 2014 1:25p   Dave Hay
Some great stuff here on dwAnswersCan I apply a IBM Cognos Fix Pack to IBM Business Monitor?How do I enable XSS and CSRF protection in IBM Cognos provided with IBM Business MonitorHow can I use SAML tokens with Business Monitor and Cognos?Deploying IBM Cognos Business Intelligence into an existing IBM Business Monitor installationIBM Business Monitor profile creation fails when database is Oracle-based? [read] Keywords: ibm database oracle profile

IBM Integration Bus - Port Reporting
Thu, Nov 27th 2014 9:05a   Dave Hay
Following on from this earlier post: -IBM Integration Bus and the WebSphere Application Server (WAS) PluginI'm working with a colleague to implement the same configuration in another environment.Again, we're using IBM HTTP Server in front of IBM Integration Bus, in order to allow requests ( SOAP over HTTP in this particular case ) to be routed to one of a number of Integration Nodes ( aka Brokers in the old tongue ).This is partly to improve performance ( more engines to servic [read] Keywords: admin connections ibm application integration java server websphere

IBM HTTP Server - maintenance mode
Thu, Nov 27th 2014 3:05a   Dave Hay
One of my colleagues was looking for some intel. on this earlier this week.The requirement is to have IBM HTTP Server (IHS) display a different banner page when WebSphere Application Server is placed into maintenance mode e.g. when the WAS cell is being shut down, recycled, upgraded etc.After a few iterations, and a read of this: -Configuring a temporary 'Site Down For Maintenance' page in IBM HTTP Serverthis is what I configured.In essence, we place a single file in the IHS DocumentRoot: -Doc [read] Keywords: connections ibm apple application server websphere

Help - The Proxy Ate My Process Designer
Sat, Nov 22nd 2014 12:25p   Dave Hay
This is a problem that I recently saw with a client, and was able to reproduce, and more importantly, fix on my own environment.But first some background, one of the IBM BPM's major features is the Eclipse-based development, Process Designer. This interacts directly with Process Center, and provides a collaborative rich-client integrated development environment.Unlike other development tools, Process Designer can NOT function with a constant connection to the Process Center run-time, and this c [read] Keywords: admin ibm apple application development eclipse java microsoft network password server virus websphere widget widgets workspace

Lessons Learned - WebSphere MQ, Clustering and Message Driven Beans
Sat, Nov 22nd 2014 3:05a   Dave Hay
ContextThe requirement is to create a clustered WebSphere MQ infrastructure, and then send messages to an application, known as a Message Driven Bean, deployed onto WebSphere Application Server.The next step will be to create a more sophisticated application that can send and receive messages to/from WebSphere MQ, most likely leveraging the JavaEE Service Component Architecture.In this scenario, I will create a pair of WMQ Queue Managers, each on a separate OS ( Red Hat VM ), one representing th [read] Keywords: ibm notes application enterprise integration java password red hat security server vm websphere xml

DB2 Buffer Pools - Automagically tuning
Fri, Nov 21st 2014 2:45p   Dave Hay
So I picked this nugget of wisdom up this week.One of my most excellent DB2 SME colleagues pointed out the wonderful db2top utility, specifically in the context of monitoring Buffer Pools.You see, ever since I learned to install IBM Operational Decision Manager (ODM), I've been creating a Buffer Pool, bp32k, as required by the documentation and, more importantly, the product: -db2 create bufferpool BP32K size 8000 pagesize 32 KThe DB2 SME, let's call him ... John, pointed out that a Buffer Poo [read] Keywords: ibm apple database db2 server sql

IBM Business Process Manager - Missing the Bus
Fri, Nov 21st 2014 8:06a   Dave Hay
I've just built a single cell, two node three cluster IBM BPM Advanced 8.5.5 environment, against a remote DB2 ESE server.So I was a little startled when, after starting the Deployment Environment, the Service Integration Bus (SIbus) failed to properly start.This is what I saw in one of my Cluster Member logs: -[21/11/14 13:17:03:719 GMT] 00000073 SibMessage I [BPM.ProcessServer.Bus:MECluster.000-BPM.ProcessServer.Bus] CWSIS1593I: The messaging engine, ME_UUID=E997A9EFA09498FC, IN [read] Keywords: ibm apple database db2 integration server

Book Review - Anti-Hacker Tool Kit, Fourth Edition, by Mike Shema
Fri, Nov 21st 2014 3:05a   Dave Hay
Again, following on from earlier posts: -Book Review - Testing Cloud Services:How to Test SaaS, Paas and IaaSBook Review - A Project In Your PocketBook Review - Introduction to Computation and Programming Using Python by John V Guttaghere's my latest book review, on which I am working in conjunction with the British Computer Society.Anti-Hacker Tool Kit, Fourth Edition, by Mike ShemaFrom their site: -Welcome to the fourth edition of the Anti-Hacker Tool Kit. This is a book about the tools that [read] Keywords: application development linux python security virtualization

DB2 - Still 8 characters after all these years ...
Thu, Nov 20th 2014 2:45p   Dave Hay
So I'm more than familiar with systems that are "limited" to 8 characters, but I didn't expect DB2 to have the same limitation, leastways not in 2014 :-)This came up using DB2 Enterprise Server Edition on AIX, but I've since recreated it using DB2 on Red Hat Enterprise Linux 6.6 as well.The problem occurs when I tried to create a DB2 instance against an Unix user ID that's 9 characters long.This is because I'm hosting 10 instances on one OS - db2inst1 through db2inst10.Therefore, [read] Keywords: ibm aix db2 enterprise linux red hat server

Hmmmm, HTTP404 and SRVE0190E seen with IBM HTTP Server and WebSphere Application Server
Fri, Nov 14th 2014 9:26a   Dave Hay
Hmm, so I am seeing this: -Error 404: java.io.FileNotFoundException: SRVE0190E: File not found: /index.htmlwhen I attempt to access a HTML page from IBM HTTP Server via HTTPS: -https://bpm855.uk.ibm.com:8443/index.htmleven though I can get the page via HTTP: -http://bpm855.uk.ibm.com:8080/index.htmlThis is part of an IBM BPM Advanced 8.5.5 infrastructure, and the most recent change was to add IHS into the mix, federate it into the WAS cell, and add a Virtual Host entry for port 8443: -cellID=Adm [read] Keywords: agent ibm application java mac macintosh server websphere xml

Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition