Implementing Kerberos in a WebSphere Application Server Environment

An IBM Redbooks publication

Published 22 October 2009, updated 25 April 2011

cover image

ISBN-10: 0738433489
ISBN-13: 9780738433486
IBM Form #: SG24-7771-00
(556 pages)

More options

Rate and comment

Authors: Fabio Albertoni, Henry Cui, Elisa Ferracane, James Kochuba, Ut Le, Bill O'Donnell, Gustavo Cezar de Medeiros Paiva, Vipin Rathor, Grzegorz Smolko, Rengan Sundararaman, Tam Tran


This IBM® Redbooks® publication discusses Kerberos technology with IBM WebSphere® Application Server V7.0.0.5 on distributed platforms. IBM WebSphere Application Server V7.0.0.5 Kerberos Authentication and single sign-on (SSO) features enable interoperability and identity propagation with other applications (such as .NET, DB2®, and others) that support the Kerberos authentication mechanism. With this feature, a user can log in once and then can access other applications that support Kerberos Authentication without having to log in a second time. It provides an SSO, end-to-end interoperability solution and preserves the original requester identity.

This book provides a set of common examples and scenarios that demonstrate how to use the Kerberos with WebSphere Application Server. The scenarios include configuration information for WebSphere Application Server V7 when using a KDC from Microsoft®, AIX®, and z/OS® as well as considerations when using these products. The intended audience for this book is system administrators and developers who use IBM WebSphere Application Server V7 on distributed platforms.

Table of contents

Chapter 1. Introduction
Chapter 2. Setting up a KDC on a z/OS system
Chapter 3. Configuring IBM Network Authentication Service KDC on AIX
Chapter 4. Setting up Microsoft Active Directory and Kerberos KDC
Chapter 5. Setting up trust between an AIX KDC and a z/OS KDC
Chapter 6. Setting up trust between a Microsoft Kerberos KDC and a z/OS KDC
Chapter 7. Single sign-on to WebSphere ApplicationServer using SPNEGO
Chapter 8. Single sign-on to WebSphere Application Server for z/OS using SPNEGO
Chapter 9. Single sign-on using SPNEGO in a trusted Microsoft Kerberos KDC environment
Chapter 10. WS-SecurityKerberos with a J2EE Web services client
Chapter 11. WS-SecurityKerberos with a .NET Web services client
Chapter 12. WS-SecurityKerberos with a Thin Client for JAX-WS and .NET provider
Chapter 13. Single sign-on to WebSphere Application Server and DB2 from a Java application client
Chapter 14. Single sign-on from a Java thin client with AIX and z/OS Kerberos trusted realms
Chapter 15. SSO to WebSphere Application Server for z/OS and DB2 using Microsoft Kerberos KDC and z/OS KDC trust
Chapter 16. Command-line administration withKerberos authentication
Chapter 17. Implementing Kerberos in a flexible managementenvironment
Chapter 18. Problem determination
Appendix A. JAAS custom mapping login module source code
Appendix B. Configuring Web browsers for SPNEGO
Appendix C. Sample applications
Appendix D. Installing the Application Client for WebSphere Application Server
Appendix E. Additional material

Follow IBM Redbooks

Follow IBM Redbooks