User registries
Information about users and groups resides in a user registry.
With WebSphere Application Server, a user registry is used for:
- Authenticating a user (using basic authentication, identity assertion, or client certificates)
- Retrieving information about users and groups to perform security-related administrative functions such as mapping users and groups to security roles
The user, group, and security role mapping information is used by the configured authorization engine to make access control decisions.
WebSphere Application Server provides several implementations to support multiple types of operating system-based user registries. Use the custom Lightweight Directory Access Protocol (LDAP) feature to support any LDAP server by setting up the correct configuration (user and group filters). However, support is not extended to these custom LDAP servers because many configuration possibilities exist.
In addition to Local operating system (OS) and LDAP registries, WAS also provides a plug-in that supports any user registry by using the custom registry feature (also referred to as a custom user registry). The custom registry feature supports any user registry that is not implemented by WebSphere Application Server. Use any registry used in the product environment by implementing the UserRegistry interface.
The UserRegistry interface is very helpful in situations where the current user and group information exists in some other format (for example, a database) and cannot move to Local OS or LDAP. In such a case, implement the UserRegistry interface so that WAS can use the existing registry for all of the security-related operations. Building a custom registry is a software implementation effort; it is expected that the implementation does not depend on other WAS resources, for example, data sources, for its operation.
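As an added illustration (not IBM's sample code and not part of the original page), here is the authentication path of a custom registry that reads salted PBKDF2 password hashes from a flat file, so it needs no data source or other WAS resource. The class name, the `credFile` custom property and the record layout are assumptions; the remaining UserRegistry methods are left abstract for a concrete subclass.

```java
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.UserRegistry;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added sketch: lookups, mapCertificate, getRealm and createCredential stay abstract here.
public abstract class FileBackedRegistry implements UserRegistry {
    private final Map<String, String[]> creds = new HashMap<>(); // user -> {iterations, salt, hash}
    @Override
    public void initialize(Properties props) throws CustomRegistryException {
        String path = props.getProperty("credFile"); // hypothetical custom property
        if (path == null) throw new CustomRegistryException("credFile not set");
        try {
            for (String line : Files.readAllLines(Paths.get(path), StandardCharsets.UTF_8)) {
                String[] f = line.split(":"); // assumed layout user:iterations:saltB64:hashB64
                if (f.length == 4) creds.put(f[0], new String[] {f[1], f[2], f[3]});
            }
        } catch (Exception e) {
            throw new CustomRegistryException(e.getMessage());
        }
    }

    @Override
    public String checkPassword(String user, String password)
            throws PasswordCheckFailedException, CustomRegistryException {
        String[] rec = creds.get(user);
        // Same failure message for unknown user and wrong password.
        if (rec == null || password == null || password.isEmpty())
            throw new PasswordCheckFailedException("Authentication failed");
        boolean ok;
        try {
            byte[] salt = Base64.getDecoder().decode(rec[1]);
            byte[] want = Base64.getDecoder().decode(rec[2]);
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt,
                    Integer.parseInt(rec[0]), want.length * 8);
            byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            ok = MessageDigest.isEqual(want, got); // constant-time comparison
        } catch (Exception e) {
            throw new CustomRegistryException(e.getMessage());
        }
        if (!ok) throw new PasswordCheckFailedException("Authentication failed");
        return user; // security name of the authenticated user
    }
}
```

Because the active registry is shared by all server processes, the credential file must be readable by each of them and writable only by the account that administers it.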
Although WAS supports different types of user registries, only one user registry can be active. This active registry is shared by all of the product server processes.
See Also
Tivoli Access Manager integration as the JACC provider
Custom user registries