Configure security with scripting
Overview
You can configure security with scripting and the wsadmin tool.
Before starting this task, the wsadmin tool must be running.
If you enable security for a WAS cell, supply authentication information to communicate with servers.
The sas.client.props and the soap.client.props files are located in the properties directory for each WAS profile...
profilePath/properties
Procedure
- The nature of the properties file updates required for running in secure mode depend on whether you connect with a RMI connector, or a SOAP connector:
- If you use a RMI connector, set the following properties in the sas.client.props file with the appropriate values:
com.ibm.CORBA.loginUserid= com.ibm.CORBA.loginPassword=Also, set the following property:
com.ibm.CORBA.loginSource=propertiesThe default value for this property is prompt in the sas.client.props file. If you leave the default value, a dialog box appears with a password prompt. If the script is running unattended, it appears to hang.
- If you use a SOAP connector, set the following properties in the soap.client.props file with the appropriate values:
com.ibm.SOAP.securityEnabled=true com.ibm.SOAP.loginUserid= com.ibm.SOAP.loginPassword=Optionally, set the following property:
com.ibm.SOAP.loginSource=noneThe default value for this property is prompt in the soap.client.props file. If you leave the default value, a dialog box appears with a password prompt. If the script is running unattended, it appears to hang.
- Specify user and password information. Choose one of the following methods:
- Specify user name and password on a command line, using the -user and -password commands. For example:
wsadmin -conntype RMI -port 2809 -user u1 -password secret1
- Specify user name and password in the sas.client.props file for a RMI connector or the soap.client.props file for a SOAP connector.
If you specify user and password information on a command line and in the sas.client.props file or the soap.client.props file, the command line information overrides the information in the props file.
On UNIX system, the use of -password option may result in security exposure as the password information becomes visible to the system status program such as ps command which can be invoked by other user to display all the running processes. Do not use this option if security exposure is a concern. Instead, specify user and password information in the soap.client.props file for SOAP connector or sas.client.props file for RMI connector. The soap.client.props and sas.client.props files are located in the properties directory of your WebSphere Application Server profile.
Enable security
Enable Java 2 security
Enable authentication in the file transfer service
Propagate security policy of installed applications to a JACC provider
Configure the JACC provider for TAM
Disable embedded TAM client
Create an SSL configuration at the node scope
Create self-signed certificates
Automate SSL configurations
Update default key store passwords
Configure name space bindings
IdMgrConfig
IdMgrRepositoryConfig
IdMgrRealmConfig
WIMManagementCommands
KeyStoreCommands
SSLConfigCommands
DescriptivePropCommands
TrustManagerCommands
keyManagerCommands
SSLConfigGroupCommands
DynamicSSLConfigSelections
ManagementScopeCommands
WSCertExpMonitorCommands
KeySetGroupCommands
KeySetCommands
KeyReferenceCommands
CertificateRequestCommands
SignerCertificateCommands
PersonalCertificateCommands
SpnegoTAICommands group for the AdminTask object
AuthorizationGroupCommands
ChannelFrameworkManagement
Related tasks
Use scripting (wsadmin)
Getting started with scripting
Related Reference