Set custom user registries using scripting


Use this topic to configure custom user registries for global security and security domain configurations using wsadmin. We can define custom user registries at the global level and for multiple security domains. You must meet the following requirements before configuring custom user registries:

WAS security supports stand-alone custom registries in addition to the local operating system registry, stand-alone LDAP registries, and federated repositories for authentication and authorization. A stand-alone custom-implemented registry uses the UserRegistry Java™ interface as provided by WAS ND. A stand-alone custom registry can support any type of account repository, such as a relational database, flat file, and so on. We can specify custom user registries at the global level and at the security domain level.

When you configure a user registry in the global security configuration, the administrator does not specify a realm name for the user registry. The system determines the realm name from the security run time. The realm name for custom registries is set by the custom registry. Use the following Jython command to make the user registry the active user registry in the global security configuration:

AdminTask.setAdminActiveSecuritySettings('-activeUserRegistry CustomUserRegistry')

Use the following Jython command to make the user registry the active user registry in the application security configuration:

AdminTask.setAppActiveSecuritySettings('-securityDomainName domain2 -activeUserRegistry CustomUserRegistry')

In security domains, we can configure a different realm for a user registry configuration. For example, we can configure two registries that use the same LDAP server listening on the same port, but use different base distinguished names (baseDN). This approach lets the configuration serve different sets of users and groups. For this type of scenario, specify a realm name for each user registry configured for a domain. Multiple realms can exist in the configuration, and we can also specify a list of trusted realms. Communication between applications that use different realms is supported.

Use the following steps to configure custom user registries for the global security configuration and for multiple security domains:

 

 

What to do next

Use the following command example to save the configuration changes:

AdminConfig.save()
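
The two activation commands and the save step above can be combined into one wsadmin Jython helper that validates its inputs and saves all or nothing. This is an added example, not code from this page or from IBM; the function names, the domain-name character set, the registry type names other than CustomUserRegistry, and the use of AdminConfig.reset() to discard unsaved changes are assumptions of the example.

```python
import re

# Values accepted by -activeUserRegistry. Only CustomUserRegistry appears on this
# page; the other three are listed from product knowledge.
REGISTRY_TYPES = ('CustomUserRegistry', 'LDAPUserRegistry',
                  'LocalOSUserRegistry', 'WIMUserRegistry')
# Assumption: a conservative character set for security domain names.
SAFE_NAME = re.compile(r'^[A-Za-z0-9_][A-Za-z0-9_.-]*\Z')


def build_activate_args(registry, domain=None):
    """Return the option string for set{Admin,App}ActiveSecuritySettings."""
    if registry not in REGISTRY_TYPES:
        raise ValueError('unknown registry type: %r' % (registry,))
    if domain is None:
        return '-activeUserRegistry %s' % registry
    if not SAFE_NAME.match(domain):
        # The options are passed as one string, so a space or a leading '-'
        # in the name would be parsed as additional options.
        raise ValueError('unsafe security domain name: %r' % (domain,))
    return '-securityDomainName %s -activeUserRegistry %s' % (domain, registry)


def activate_registry(admin_task, admin_config, registry, domains=()):
    """Activate `registry` globally and in each domain, then save once."""
    # Build and validate every option string before changing anything.
    plans = [(None, build_activate_args(registry))]
    plans += [(d, build_activate_args(registry, d)) for d in domains]
    try:
        for domain, args in plans:
            if domain is None:
                admin_task.setAdminActiveSecuritySettings(args)
            else:
                admin_task.setAppActiveSecuritySettings(args)
    except:
        # Bare except so Java exceptions raised inside wsadmin are caught too.
        admin_config.reset()  # discards ALL unsaved changes in this session
        raise
    admin_config.save()
    return [args for _, args in plans]


# Inside wsadmin -lang jython, pass the objects the shell provides:
# activate_registry(AdminTask, AdminConfig, 'CustomUserRegistry', ['domain2'])
```
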


Local operating system registries

 

Related tasks


Set security domains using scripting
Mapping resources to security domains using scripting
Remove resources from security domains using scripting
Remove security domains using scripting