Logout and token licenses for WebSphere Application Server with SPNEGO

When WebSphere® Application Server is configured for Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) authentication, logging out of an application in a web browser might appear to fail.

In a typical logout scenario without SPNEGO configured, authentication information, which is stored in cookies, is removed from the browser and the last viewed page is displayed. If floating licenses are used, the associated floating license is released as well. The user is challenged for credentials again.

In contrast, when SPNEGO authentication is enabled and a user logs out of a web application, the user is not challenged for credentials and the application immediately reconnects the user. The same behavior occurs when the server is configured for basic authentication, where a browser caches user credentials until the browser is shut down. This behavior also occurs when the server is configured for client certificate authentication.

If token licenses are used and a user shuts down the browser, the token license eventually expires and is released to the token license pool. However, there is a delay between the time the user shuts down the browser and the time the token license is released. To ensure that a user logout action results in the immediate release of a token license, the administrator must configure a custom logout page for Jazz™ Team Server.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki