Standalone custom registry settings


To configure the standalone custom registry.

  1. Click...

      Security | Global security

  2. Under User account repository, click the Available realm definitions drop-down list, select Standalone custom registry, and click Configure.

After the properties are set in this panel, click Apply. Under Additional Properties, click Custom properties to include additional properties that the custom user registry requires.

Custom properties might include information such as specifying lists of users or groups.

When security is enabled and any of these custom user registry settings change, go to the Global security panel and click Apply to validate the changes.

WAS V6.1 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server to server communications. In most cases, server identities are automatically generated and are not stored in a repository.

However, if we are adding a V5.0.x or 6.0.x node to a V 6.1 cell, verify the V5.x or V 6.0.x server identity and password are defined in the repository for this cell. Enter the server user identity and password on this panel.

Primary administrative user name

Name of a user with administrative privileges that is defined in the custom user registry.

The user name is used to log onto the admin console when administrative security is enabled. V6.1 requires an admin user that is distinct from the server user identity so that admin actions can be audited.

In WAS, Vs 5.x and 6.0.x, a single user identity is required for both admin access and internal process communication. When migrating to V6.1, this identity is used as the server user identity. specify another user for the admin user identity.

Automatically generated server identity

Enables the appserver to generate the server identity, which is recommended for environments that contain only V6.1 or later nodes. Automatically generated server identities are not stored in a user repository.

We can change this server identity on the Authentication mechanisms and expiration panel. To access the Authentication mechanisms and expiration panel, click...

Change the value of the Internal server ID field.

Default: Enabled

Server identity that is stored in the repository

User identity in the repository used for internal process communication. Cells that contain V5.x or 6.0.x nodes require a server user identity that is defined in the active user repository.

Default: Enabled

Server user ID or admin user on a V6.0.x node

User ID used to run the appserver for security purposes.

that corresponds to the server ID.

Custom registry class name

Dot-separated class name that implements the com.ibm.websphere.security.UserRegistry interface.

Put the custom registry class name in the class path. A suggested location is the following directory.

  • %install_root%/lib/ext

Data type: String
Default: com.ibm.websphere.security.FileRegistrySample

Ignore case for authorization

Indicates that a case-insensitive authorization check is performed when you use the default authorization.

Default: Disabled
Range: Enabled or Disabled





 

Related tasks


Set standalone custom registries

 

Related


getRemoteUser and getAuthType methods
Standalone custom registry wizard settings