Realm configuration settings
Use this page to manage the realm.
The realm can consist of identities in the file-based repository that is built into the system, in one or more external repositories, or in both the built-in, file-based repository and one or more external repositories.
To view this console page...
- In the console, click...
Security | Secure administration, applications, and infrastructure. | User account repository | Available realm definitions | Federated repositories | Configure
When you finish adding or updating your federated repository configuration, go to...
Security | Secure administration, applications, and infrastructure...and click Apply to validate the changes.
A single built-in, file-based repository is built into the system and included in the realm by default.
You can configure one or more LDAP repositories to store identities in the realm. Click Add base entry to realm to specify a repository configuration and a base entry into the realm. You can configure multiple different base entries into the same repository. Click Remove to remove selected repositories from the realm. Repository configurations and contents are not destroyed. The following restrictions apply:
- The realm must always contain at least one base entry; therefore, you cannot remove every entry.
- If you plan to remove the built-in, file-based repository from the administrative realm, verify that at least one user in another member repository is a console user with administrative rights. Otherwise, disable security to regain access to the console.
WAS V6.1 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server-to-server communications. In most cases, server identities are automatically generated and are not stored in a repository. However, if you are adding a V5.0.x or 6.0.x node to a V6.1 cell, ensure that the V5.x or V6.0.x server identity and password are defined in the repository for this cell. Enter the server user identity and password on this panel.
Configuration tab
- Realm name
- Name of the realm. You can change the realm name.
- Primary administrative user name
- Name of the user with administrative privileges that is defined in the repository, for example, adminUser. The user name is used to log on to the console when administrative security is enabled. V6.1 requires an administrative user that is distinct from the server user identity so that administrative actions can be audited.
In WAS, Versions 5.x and 6.0.x, a single user identity is required for both administrative access and internal process communication. When you migrate to V6.1, this identity is used as the server user identity. You must specify a different user as the administrative user identity.
- Automatically generated server identity
Enables the appserver to generate the server identity, which is recommended for environments that contain only V6.1 or later nodes. Automatically generated server identities are not stored in a user repository.
You can change this server identity on the Authentication mechanisms and expiration panel. To access the Authentication mechanisms and expiration panel, click...
Security | Secure administration, applications, and infrastructure | Authentication mechanisms and expiration
Change the value of the Internal server ID field.
Default: Disabled
- Server identity that is stored in the repository
Specify a user identity in the repository that is used for internal process communication. Cells that contain V5.x or 6.0.x nodes require a server user identity that is defined in the active user repository.
Default: Enabled
- Server user ID or administrative user on a V6.0.x node
User ID that is used to run the appserver for security purposes.
- Password
Password that corresponds to the server ID.
- Ignore case for authorization
Specify that a case-insensitive authorization check is performed.
If case sensitivity is not a consideration for authorization, enable the Ignore case for authorization option.
- Base entry
- Base entry within the realm. This entry and its descendants are part of the realm.
- Repository identifier
Specify a unique identifier for the repository. This identifier uniquely identifies the repository within the cell.
- Repository type
- Repository type, such as File or LDAP.
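The restrictions and identity settings described on this page can be checked before a base entry is removed, so that a change does not lock administrators out of the console. The following is an added example, not code from the product or its documentation; the dictionary layout, the function name preflight, and all sample values are hypothetical and constructed for illustration.

```python
# Added example. The dictionary layout and every name below are hypothetical;
# this is not WebSphere's configuration format or API.

def preflight(realm, remove=()):
    """List problems the realm would have after removing the named base entries."""
    problems = []
    before = realm["base_entries"]
    after = [e for e in before if e["base_entry"] not in remove]

    # The realm must always contain at least one base entry.
    if not after:
        problems.append("realm would contain no base entry")

    # Once the file-based repository is gone, another member repository
    # must hold a console user with administrative rights.
    had_file = any(e["type"] == "File" for e in before)
    has_file = any(e["type"] == "File" for e in after)
    if had_file and not has_file and after and not any(e["console_admins"] for e in after):
        problems.append("no console administrator in the remaining repositories")

    # Cells with V5.x or V6.0.x nodes need a server identity stored in the repository.
    server = realm["server_identity"]
    old_nodes = [v for v in realm["node_versions"] if v.startswith(("5.", "6.0"))]
    if old_nodes and (server["auto_generated"] or not server["user"]):
        problems.append("pre-6.1 nodes need a server identity stored in the repository")

    # V6.1 requires an administrative user distinct from the server user identity.
    if not server["auto_generated"] and server["user"] == realm["admin_user"]:
        problems.append("administrative user is the same as the server identity")
    return problems


# Constructed sample realm: one file-based entry and one LDAP entry.
SAMPLE = {
    "admin_user": "adminUser",
    "server_identity": {"auto_generated": True, "user": None},
    "node_versions": ["6.1", "6.0.2"],
    "base_entries": [
        {"base_entry": "o=fileRealm", "type": "File", "console_admins": ["adminUser"]},
        {"base_entry": "o=example", "type": "LDAP", "console_admins": []},
    ],
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE, remove=["o=fileRealm"]):
        print("BLOCKED:", problem)
```

An empty list means the proposed removal satisfies the restrictions listed on this page; it does not replace clicking Apply to validate the change in the console.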
Related tasks
Manage the realm in a federated repository configuration
Related Reference
LDAP repository configuration settings