Skip to main content

Implementing Kerberos in a WebSphere Application Server Environment

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 23 October 2009, updated 26 April 2011

  1. .PDF (4.9 MB)

Share this page:   

ISBN-10: 0738433489
ISBN-13: 9780738433486
IBM Form #: SG24-7771-00

Authors: Fabio Albertoni, Henry Cui, Elisa Ferracane, James Kochuba, Ut Le, Bill O'Donnell, Gustavo Cezar de Medeiros Paiva, Vipin Rathor, Grzegorz Smolko, Rengan Sundararaman and Tam Tran

    menu icon


    This IBM® Redbooks® publication discusses Kerberos technology with IBM WebSphere® Application Server V7.0.0.5 on distributed platforms. IBM WebSphere Application Server V7.0.0.5 Kerberos Authentication and single sign-on (SSO) features enable interoperability and identity propagation with other applications (such as .NET, DB2®, and others) that support the Kerberos authentication mechanism. With this feature, a user can log in once and then can access other applications that support Kerberos Authentication without having to log in a second time. It provides an SSO, end-to-end interoperability solution and preserves the original requester identity.

    This book provides a set of common examples and scenarios that demonstrate how to use the Kerberos with WebSphere Application Server. The scenarios include configuration information for WebSphere Application Server V7 when using a KDC from Microsoft®, AIX®, and z/OS® as well as considerations when using these products. The intended audience for this book is system administrators and developers who use IBM WebSphere Application Server V7 on distributed platforms.

    Table of Contents

    Chapter 1. Introduction

    Chapter 2. Setting up a KDC on a z/OS system

    Chapter 3. Configuring IBM Network Authentication Service KDC on AIX

    Chapter 4. Setting up Microsoft Active Directory and Kerberos KDC

    Chapter 5. Setting up trust between an AIX KDC and a z/OS KDC

    Chapter 6. Setting up trust between a Microsoft Kerberos KDC and a z/OS KDC

    Chapter 7. Single sign-on to WebSphere ApplicationServer using SPNEGO

    Chapter 8. Single sign-on to WebSphere Application Server for z/OS using SPNEGO

    Chapter 9. Single sign-on using SPNEGO in a trusted Microsoft Kerberos KDC environment

    Chapter 10. WS-SecurityKerberos with a J2EE Web services client

    Chapter 11. WS-SecurityKerberos with a .NET Web services client

    Chapter 12. WS-SecurityKerberos with a Thin Client for JAX-WS and .NET provider

    Chapter 13. Single sign-on to WebSphere Application Server and DB2 from a Java application client

    Chapter 14. Single sign-on from a Java thin client with AIX and z/OS Kerberos trusted realms

    Chapter 15. SSO to WebSphere Application Server for z/OS and DB2 using Microsoft Kerberos KDC and z/OS KDC trust

    Chapter 16. Command-line administration withKerberos authentication

    Chapter 17. Implementing Kerberos in a flexible managementenvironment

    Chapter 18. Problem determination

    Appendix A. JAAS custom mapping login module source code

    Appendix B. Configuring Web browsers for SPNEGO

    Appendix C. Sample applications

    Appendix D. Installing the Application Client for WebSphere Application Server

    Appendix E. Additional material


    Others who read this also read