358 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
IBM HTTP Server / IBM Global Security Toolkit - Commanding the line ...
Mon, Sep 22nd 2014 58
WebSphere Application Server - Using WSAdmin to manage users and groups
Mon, Sep 22nd 2014 46
WebSphere Application Server - Recovering from failed transaction recovery
Fri, Sep 19th 2014 157
IBM Integration Bus - The Fun Continues .... MQ reason code 2035 while trying to connect
Fri, Sep 19th 2014 160
Security Bulletin: A security vulnerability has been identified in Cognos BI Server shipped with IBM Business Monitor (CVE-2014-0107)
Fri, Sep 19th 2014 192
IBM HTTP Server and SSL Signature Algorithms
Fri, Sep 19th 2014 221
IBM BPM Advanced 8.5.0.1 - PFS-0065 seen in context of Performance Data Warehouse
Thu, Sep 18th 2014 80
Top 10
Silently installing WebSphere Application Server Network Deployment 8.5 - no GUIs here
Wed, Oct 3rd 2012 1167
java.security.cert.CertPathValidatorException: Certificate chaining error seen with IBM Business Process Manager v8
Mon, Dec 3rd 2012 1037
WAS to DB2 - Null userid is not supported. ERRORCODE=-4461, SQLSTATE=42815
Wed, Aug 14th 2013 796
CWWIM4529E and SECJ0369E seen when authenticating a user in WebSphere Application Server
Tue, Apr 9th 2013 554
SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined.
Fri, Aug 16th 2013 541
More on Lotus Notes and temporary directories
Thu, May 3rd 2012 502
Secure in my CUPS
Fri, Feb 8th 2013 481
Error "CWWIM4512E The password match failed" seen using WebSphere Portal Express v7 on Linux
Thu, Jan 27th 2011 473
IBM BPM 8.5 - Samples and Tutorials
Tue, Oct 29th 2013 470
WAS - How to clear the WebSphere class caches
Mon, Feb 10th 2014 403


Administering SPNEGO within WebSphere Application Server: Tips on using Kerberos service principal names
   

I am adding this to my required reading list for projects where Kerberos and SPNEGO are used to deliver desktop Single Sign-On with WebSphere Application Server: -

Summary:  The Simple and Protected GSS-API Negotiation (SPNEGO) trust association interceptor (TAI) in IBM® WebSphere® Application Server V6.1 and in the SPNEGO Web Authentication feature in WebSphere Application Server V7.0 can be a powerful tool to achieve a seamless single sign-on environment between Microsoft® Windows® desktops and WebSphere-based servers. However, some users have trouble configuring service principal names when using SPNEGO. This article describes some best practices for configuring Microsoft Active Directory when using SPNEGO with WebSphere Application Server. (Updated for WebSphere Application Server Versions 6.1 and 7.0.)


This paragraph is especially useful: _

• Users with WebSphere Application Server Version 5.1.1.x and 6.0.x can obtain a custom service offering solution from IBM Software Services for WebSphere (ISSW). This solution comes with the source code, and you maintain the custom code yourself. To obtain more information about the ISSW SPNEGO TAI services offering for WebSphere Application Server V5.1.1 and V6.0, contact IBM Software Services for WebSphere.

• WebSphere Application Server Version 6.1 ships a TAI based upon the ISSW version mentioned above, which is a fully supported product code. However, you do not get the source code with this version.

• WebSphere Application Server V7.0 includes SPNEGO function via a new SPNEGO Web Authentication. (V7.0 still ships, but has deprecated, the SPNEGO TAI.)

as I'd previously assumed that WAS did not include native SPNEGO support until 7.0.0.9. In fact, we shipped SPNEGO in WAS 6.1, but have moved to a new SPNEGO Web Authentication module in v7.

All good stuff …..

Will add this to my existing presentation for WAS and SPNEGO ( as delivered at Social Connections II in Cardiff last year )


---------------------
http://portal2portal.blogspot.com/2012/04/administering-spnego-within-websphere.html
Apr 21, 2012
75 hits



Recent Blog Posts
58


IBM HTTP Server / IBM Global Security Toolkit - Commanding the line ...
Mon, Sep 22nd 2014 9:05a   Dave Hay
One of my colleagues was looking for inspiration, without too much perspiration, in order to create an SSL/TLS Certificate Service Request (CSR) using IBM HTTP Server and the Global Security Toolkit (GSK). He was hoping to use the GUI tool, IKeyMan, but I tried very hard to persuade him that GUIs are for WIMPs, and that the command-line tool, gskcapicmd is the way to go ( whilst IHS also has ikeycmd, that relies upon a Java Runtime Environment, which may not always be available, especially on a [read] Keywords: admin ibm apple application java network security server websphere wiki
46


WebSphere Application Server - Using WSAdmin to manage users and groups
Mon, Sep 22nd 2014 8:25a   Dave Hay
print AdminTask.searchUsers(["-cn *"]) uid=wasadmin,o=defaultWIMFileBasedRealm uid=wmbadmin,o=defaultWIMFileBasedRealm uid=deAdmin,o=defaultWIMFileBasedRealm print AdminTask.searchGroups(["-cn *"]) cn=developers,o=defaultWIMFileBasedRealm cn=administrators,o=defaultWIMFileBasedRealm cn=dashboard-editor,o=defaultWIMFileBasedRealm cn=dashboard-viewer,o=defaultWIMFileBasedRealm print AdminTask.help('-commands') ... WASX8004I: Available admin commands: WIMCheckPassword - Validates the [read] Keywords: admin application applications security server websphere xml
157


WebSphere Application Server - Recovering from failed transaction recovery
Fri, Sep 19th 2014 10:25a   Dave Hay
Thanks to Twitter for sharing: - IBM_AppServer Great blog on Recovering from failed transaction recovery. Very helpful! Take a look! http://t.co/KoxbxEqNr9 #wasserv 19/09/2014 17:10 When WebSphere Application Server is running a transaction, the transaction information is written to the tranlog directory to log1 & log2. The resources required for that transaction (database name, user, password, etc) are recorded in the partnerlog directory to it's log1 & log2. When a transaction comple [read] Keywords: ibm application community database password server twitter websphere
160


IBM Integration Bus - The Fun Continues .... MQ reason code 2035 while trying to connect
Fri, Sep 19th 2014 7:25a   Dave Hay
So I now have IBM Integration Bus (IIB) 9.0.0.2 and the Toolkit running on my Red Hat Enterprise Linux VM, as per these most recent posts: - Installing IBM Integration Bus 9.0.0.2 on Red Hat Enterprise Linux 6.3 IBM Integration Bus 9.0.0.2 - Tooling Up I have the toolkit installed as user wasadmin because that's the user with which I installed a whole slew of other WebSphere products, using IBM Installation Manager. Therefore, in order to use the Toolkit to create/administer an Integration Node [read] Keywords: connections ibm apple application database enterprise integration linux password red hat security server vm websphere
192


Security Bulletin: A security vulnerability has been identified in Cognos BI Server shipped with IBM Business Monitor (CVE-2014-0107)
Fri, Sep 19th 2014 4:05a   Dave Hay
Security Bulletin: A security vulnerability has been identified in Cognos BI Server shipped with IBM Business Monitor (CVE-2014-0107) Security Bulletin: Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460 [read] Keywords: ibm security server
221


IBM HTTP Server and SSL Signature Algorithms
Fri, Sep 19th 2014 4:05a   Dave Hay
So, whilst listening to this week's SecurityNow podcast, Episode 473 Google vs. SHA-1, I learned that Google plans to force the web to deprecate the SHA1 ( Secure Hash Algorithm ) from November 2014 even though Microsoft has a more moderate plan to move away from it by late 2017. Google wants us to move to SHA2, aka SHA224 / SHA256 / SHA512, even though their own websites are still using SHA1 at the moment: - Apparently, Google Chrome will start to provide visual feedback to end-users when the [read] Keywords: ibm apple google microsoft podcast security server wiki
80


IBM BPM Advanced 8.5.0.1 - PFS-0065 seen in context of Performance Data Warehouse
Thu, Sep 18th 2014 7:45a   Dave Hay
So, hot on the heels of my previous post: - IBM BPM Advanced 8.5.0.1 - Disabling Process Server to Performance Data Warehouse communication I was looking to replicate the same for Process Center. Strangely, when I looked at my Performance Data Warehouse (PDW) database for the Process Center environment, I did NOT have the TASKS table, merely LSW_TASK, and couldn't work out what SQL was actually used to create the missing table. Interestingly, whilst there are SQL scripts to create all of the BP [read] Keywords: admin ibm database db2 server sql
87


IBM BPM Advanced 8.5.0.1 - Disabling Process Server to Performance Data Warehouse communication
Thu, Sep 18th 2014 6:25a   Dave Hay
So, in order to disable the automatic publishing of events from Process Server to the Performance Data Warehouse database, I followed this IBM Technote: - Disabling tracking data generation for a Process Server or Process Center in IBM Business Process Manager (BPM) My requirement is to disable the use of PDW and instead use IBM Business Monitor ( aka BAM ) instead. In essence, one needs to toggle: - from: - true to: - false in 101Custom.xml ( which I used to override the stock 100Custom.xml ) [read] Keywords: ibm community database server xml
83


IBM Business Process Manager on Cloud service adds case handling and enhanced mobile UIs
Wed, Sep 17th 2014 12:45p   Dave Hay
New features built into IBM® Business Process Manager (IBM BPM) on Cloud include: • Basic case-management capabilities that enable knowledge workers to drive business outcomes by using a combination of structured workflows, ad-hoc tasks, and document processing. • New design capabilities for creating responsive user interfaces that can be designed once and run on any device form factor (phone, tablet, or desktop), to support mobile-ready process applications. • Service availability fo [read] Keywords: ibm apple applications desktop mobile
116


WebSphere Application Server Security configuration changes done with wsadmin are not activated immediately.
Wed, Sep 17th 2014 7:05a   Dave Hay
Saw this rather useful IBM Technote via Twitter: - WebSphere Application Server Security configuration changes done with wsadmin are not activated immediately. Problem(Abstract) Some administrative actions (like mapping administrative users or groups to security roles) might not get activated immediately and require a restart of the JVM. For example, you want to map the group called "wasadmins" to the Administrator role: AdminTask.mapGroupsToAdminRole('[-roleName administrator -accessids [ [read] Keywords: ibm application security server twitter websphere




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition