Using the SPNEGO Policy
Learn how to use the SPNEGO policy to authenticate a downstream service.
For information about using policies in the context of the developer portal, see Business Policies.
Table of Contents
The SPNEGO policy is an Operational policy that implements the Microsoft-authored SPNEGO WS-Policy assertion (see http://msdn.microsoft.com/en-us/library/ee525179.aspx). It states the requirement of supporting the SPNEGO Negotiate authenticate scheme.
Not all services and their consumers can support both the NTLM and Kerberos options for SPNEGO. It is only required that both parties support at least one option in common. For example:
- Intermediary for Microsoft (IMS) can support both.
- Network Director can only support the Kerberos option.
The subject category of the identity used in the negotiation is End-User and is not configurable.
Let's take a quick walkthrough of the SPNEGO Policy configuration process to get you started.
Step 1: Add Policy / Use System Policy
- In Policy Manager, to create an SPNEGO Policy instance, go to Policies > Operational Policies and choose Add Policy.
Note: The SPNEGO Policy does not require any configuration.
Step 2: Attach Policy
After you've saved your policy, activate it. You can then attach it to a downstream web service or operation that you would like to capture roll-up data for.
Step 3: Test Policy and View Monitoring Data
After you've attached the SPNEGO Policy to a service or operation, send a request to your service and go to the Services > Monitoring section to view the results for Logs, Real Time Charts, and Historical Charts. For more information on using the monitoring functions, refer to the Policy Manager Online Help, available via the Help button.
Activating a policy
When you create and configure a policy, the policy is in Draft state. When the policy configuration is complete, activate the policy: click Activate Policy and then confirm. See Activate a Policy.
A policy in Draft state is not available for general use. Once you activate the policy, it is in Active state and is available for use.
Attaching a policy
To use the policy, go to the Policies folder in the respective organization and attach the policy to a web service, binding, or binding operation.