SPNEGO

  • The client sends the request containing the SPNEGO token in the HTTP header.
  • SPNEGO authentication policy authenticates the request against the specified Kerberos service provider.

Example Policy

AuthenticationBySPNEGO.policy

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:tpa="http://xsd.tns.tibco.com/governance/policy/action/2009">
    <wsp:All>
        <wsp:ExactlyOne>
            <tpa:AuthenticationByJaas>
                <wssp:SupportingTokens>
                    <tpa:ExactlyOne>
                        <wssp:SpnegoContextToken />
                    </tpa:ExactlyOne>
                </wssp:SupportingTokens>
                <tpa:SharedResourceLoginModule
                    ResourceInstance="KerberosAsp">
                    <tpa:Properties>
                        <tpa:Property Name="ServiceName" Value="HTTP/vm-w2k8-spml3.support.ch.com@SUPPORT.CH.COM" />
                    </tpa:Properties>
                </tpa:SharedResourceLoginModule>
            </tpa:AuthenticationByJaas>
        </wsp:ExactlyOne>
    </wsp:All>
</wsp:Policy>