Enable SPNEGO in WebSphere

SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) is a requirement of the Kerberos authentication protocol. It must be enabled in your WebSphere profile.

  1. Log in to the Integrated Solutions Console.
  2. Select Security->Global Security->Web and SIP Security->SPNEGO Web Authentication
  3. Under SPNEGO filters, click New. Enter the following values.
    Hostname

    The fully- qualifed domain name of the machine where WebSphere is installed

    Example

    LSF10.lawson.com

    Kerberos realm name

    The Kerberos realm name (uppercase)

    Example

    LAWSON.COM

  4. Check "Trim Kerberos realm from principal name."
  5. Click Apply and then OK.
  6. Select "Dynamically update SPNEGO"
  7. Select "Enable Spnego"
    Kerberos configuration file with full path

    Browse to select the krb5.conf configuration file.

    Kerberos keytab file name with full path

    Browse to select the LSF10.keytab file.

  8. Click Apply and then OK.
  9. Click Save to master configuration.