Configure global security
Overview
Enabling global security in the Network Deployment (ND) environment differs from a standalone base application server. In the ND environment, the configuration is stored temporarily on the Deployment Manager until it gets synced up with all of the Node Agents, and the ND environment uses LTPA as the authentication mechanism so that credentials can be forwarded among processes securely.
Procedure
- Configure the User Registry.
- For LocalOS, enter the server's user ID and password that will be used to authenticate other users and is given administrative privileges for other WebSphere tasks. Make sure the user ID provided has...
Act as Part of Operating System...privileges in Windows and root privilege in UNIX environments. Click Apply or OK to save the changes.
- For LDAP, enter the server's user ID and password.
Ensure that this user ID is not the LDAP administrative user ID. Enter the LDAP type, host, port, and base distinguished name. These are the required fields. Configure any other LDAP properties as necessary including the Advanced LDAP properties. Remember to click Apply or OK at each panel to save the changes.
- For Custom, enter the server's user ID and password. Also, enter the class name of the implementation of the custom user registry. This should implement the com.ibm.websphere.security.UserRegistry interface. Click Apply or OK to save the changes.
- Configure the LTPA authentication mechanism.
- Enter a password for generating LTPA keys. Re-enter the password for validation. Click Apply to save the password. Next, press the Generate Keys button to generate a set of keys for use in encrypting LTPA tokens.
- Configure Single Signon (SSO).
Click on the link below to go to the Single Signon panel. Make sure it is enabled and enter the domain portion of the servers hostname. This is the austin.ibm.com portion for a server host of machine1.austin.ibm.com. Click Apply or OK to save the changes.
- Configure the Global Security panel.
- Choose which Active User Registry you want to use based on the one you configured above. Change any other attributes on this panel as desired. Click on the enable check box to turn ON global security.
- Select Apply to validate the changes you've made above. If there are any problems reported above in the Messages section, try going back through the configuration to see if there is something that was missed. Verify that the server ID used for the user registry is valid.
- Do not shut down the Deployment Manager or Node Agents yet. Propagate changes to all of the nodes.
- Select Save to write the changes out to the repository.
See Also
J2EE Connector security
Introduction: Security
Enabling global security
Configuring Java 2 security