Manually configure WAS global security

 

+
Search Tips   |   Advanced Search

 


Overview

Use this procedure only if your user registry configuration is LDAP without realm support and if you will not be using the WebSphere Portal configuration tasks to set up WebSphere Application Server global security.

Do not use this procedure if you plan to use the Member Manager configuration (database and LDAP with realm support). Use the WebSphere Portal automated configuration tasks enable-security-wmm-db and enable-security-wmmur-ldap to set up WAS security with the Member Manager user registry configuration. These tasks overwrite any settings in the WAS.

Follow these steps to verify your WAS global security configuration will work with WebSphere Portal:

  1. From WAS Administrative Console, click Security>Global Security.

  2. Verify the following items. Other parameters do not affect WebSphere Portal.

  3. Click Security>Authentication Mechanisms>LTPA.

  4. In the Additional Properties section, click Single Sign On (SSO).

  5. Verify the following items:

    • SSO is enabled.

    • Requires SSL should not be checked unless the portal is being configured for SSL connections from clients.

    • The Domain Name field should be set to a subset of the host name of the HTTP server that front-ends the portal. This will be used as the domain name of the LTPAToken cookie. This is not the LDAP server host.name.

  6. A correct configuration is required to allow WAS to talk to the directory. For details on setting this up, refer to the WAS security configuration documentation. Once the configuration is correct, do the following steps:

    1. Copy the Base Distinguished Name (DN) value to the LDAPSuffix property value in the wpconfig.properties file.

    2. Select Ignore Case.

    3. Enabled SSL only if the connection from WAS to the directory is over SSL. See Set up LDAP over SSL for more information.

    4. In the Additional Properties section, click Advanced LDAP Settings. The search filters and other settings must be set for your directory.

      • In the User Filter field, the attribute that appears before =%v is the attribute value that is used to log in to the portal. For example, if users log in to the portal by entering an e-mail address, and the e-mail address of your users is mapped to the LDAP user object attribute "emailaddress," then the attribute value should be emailaddress. This attribute value might or might not also be the first RDN attribute of your DNs.

        Edit wpconfig.properties and configure a value for LDAPUserPrefix...

        Login Attribute First RDN Attribute of DNs User Filter wpconfig.properties LDAPUserPrefix
        Uid uid uid uid
        Emailaddress uid Emailaddress uid

      • Copy the objectclass that is used for the User Filter value to the LDAPUserObjectClass property in the wpconfig.properties file.

      • Copy the objectclass that is used for the Group filter field to the LDAPGroupObjectClass property in the wpconfig.properties file.

    5. Run the secure-portal-ldap task as described in Configure WebSphere Portal for LDAP without realm support.

  7. If you use a custom user registry, follow these steps:

    1. Click Security>User Registries>Custom. Verify that Ignore Case is selected. Other parameters do not affect WebSphere Portal.

    2. Refer to the WebSphere Portal product documentation page at http://www.ibm.com/websphere/portal/library for further instructions. A whitepaper containing instructions for using WebSphere Portal with a custom user registry will be available soon.

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.