IBM Support

Does WebSphere Application Server support Integrated Windows Authentication (IWA)?

Question & Answer


Question

WebSphere Application Server (Traditional and Liberty): Does WebSphere support Integrated Windows Authentication (IWA)?

Answer

Yes!  Integrated Windows Authentication includes various authentication protocols such as: 
  • SPNEGO (Supported) 
  • Kerberos 
  • NTLMSSP

WebSphere supports the SPNEGO authentication portion of IWA. This configuration requires a Windows KDC, which is part of Active Directory Domain Services. WebSphere also supports SPNEGO single sign-on with a KDC on various platforms such as Linux, AIX and z/OS.
How it works: 
Once a Microsoft domain user has logged on to the domain, web browser clients that are configured to use IWA can send the user's SPNEGO token to WebSphere Application Server in response to the server's HTTP 401 challenge (WWW-Authenticate: Negotiate). This way, users can securely log on to the application without remembering or typing their credentials.
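Because only the SPNEGO portion of IWA is supported, it helps when troubleshooting to see which protocol a browser actually sent in its `Authorization: Negotiate` header. The following is an added example, not IBM code; the function names and the sample tokens are constructed for illustration.

```python
import base64

# Well-known identifiers: NTLMSSP signature, SPNEGO and Kerberos V5 mechanism OIDs (DER).
NTLMSSP_SIG = b"NTLMSSP\x00"
MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "spnego",          # 1.3.6.1.5.5.2
    bytes.fromhex("2a864886f712010202"): "kerberos",  # 1.2.840.113554.1.2.2
}

def _der_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, index of next byte)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_negotiate(header_value):
    """Classify the token in an 'Authorization: Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
        if tok.startswith(NTLMSSP_SIG):
            return "ntlmssp"  # raw NTLM: the browser did not obtain a Kerberos ticket
        if tok[0] != 0x60:    # GSS-API initial token starts with [APPLICATION 0]
            return "unknown"
        _, pos = _der_len(tok, 1)
        if tok[pos] != 0x06:  # next element must be the mechanism OID
            return "unknown"
        oid_len, pos = _der_len(tok, pos + 1)
        # Only the outer mechanism is inspected, not the mechTypes inside SPNEGO.
        return MECH_OIDS.get(tok[pos:pos + oid_len], "unknown")
    except (ValueError, IndexError):
        return "malformed"

def _hdr(raw):
    return "Negotiate " + base64.b64encode(raw).decode()

# Constructed, truncated sample tokens (headers only, not real tickets).
SAMPLES = {
    "spnego": _hdr(bytes.fromhex("600a06062b0601050502a000")),
    "kerberos": _hdr(bytes.fromhex("600b06092a864886f712010202")),
    "ntlmssp": _hdr(NTLMSSP_SIG + b"\x01\x00\x00\x00"),
}
```

A result of `ntlmssp` means the client fell back to NTLM instead of requesting a Kerberos service ticket, which points at browser, SPN or domain configuration rather than at the application.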
WebSphere configuration: 
Please refer to the following pages for WebSphere configuration.
Traditional WebSphere: Creating a single sign-on for HTTP requests using SPNEGO Web authentication
Platform:
WebSphere can be on any supported platform to use Integrated Windows Authentication. 
Not using Integrated Windows Authentication but want to use Windows LDAP? 
Windows Active Directory can be configured with WebSphere as a user registry. Any LDAP v3 compliant server can be configured with Traditional WebSphere and Liberty.


Document Information

Modified date:
26 September 2020

UID

ibm11075671