Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Set up, enabling and migrating security > Enable security
Security configuration report
Overview
The security configuration report gathers and displays the current security settings of the application server. Information is gathered about core security settings, administrative users and groups, CORBA naming roles, and cookie protection. When multiple security domains are configured, each security domain has it's own report with a subset of the sections shown in the global security report that apply to the domain.
New feature: The security configuration report now includes information about...
- session security
- web Attributes
- HttpOnly setting
To run, go to, from the admin console, go to...
Security | Global Security | Security Configuration Report
The columns
Console Name Name of the security attribute as found in the admin console. If the value in this column is on a row highlighted in blue, and is the only entry on the row, then it is the start of a new section. Security Configuration Name Security attribute as found in the configuration file. Value Value of the security attribute. Console Path Name Path where the attribute is found on the console.
The sections
Management scope configurations
Security Settings Information about the top-level security attributes. These attributes set the default for administrative security for the server, such as whether security is enabled, the default user registry, or if Java security is enabled. Authentication Mechanisms and expirations Attributes associated with each authentication mechanisms and trust associations as defined in the configuration. User Registry Attributes for the default user registry for the server. Authorization configuration Attributes configured for an external JACC provider. Application login configuration Application JAAS login entries and their login modules attributes. CSI Attributes that define the inbound and outbound information for the Common Secure Interoperability (CSI) protocol. SSL configuration repertoires Attributes that make up the SSL configuration used by the server. There can be multiple SSL configurations defined, and information about each is displayed. This object is often referenced by an SSL configuration group object used to associate it with an inbound or an outbound connection. Key stores Keystore attributes for each keystore in the configuration. Keystore objects in the configuration are often referenced by an SSL configuration object in the configuration. Trust managers Attributes that make up trust managers that can be used by the server. Trust manager objects in the configuration are typically referenced by an SSL configuration object. Key managers Attributes that make up the key managers that are used by the server. Key manager objects in the configuration are typically referenced by an SSL configuration object. SSL configuration group Attributes that make up an SSL configuration that are used for an outbound or an inbound connection. Management scope Attributes that make up a management scope. The SSL configuration-related objects in the security configuration are defined within a management scope to reference the management scope object. Key set groups Attributes that make up a group of key sets, which are used to manage public, private and shared keys. Key set Attributes that make up the key set, which is used to manage public, private, and shared keys. Schedules Attributes that make up the scheduled process in the security configuration. Notifications Attributes that make up notification objects in the security configuration. Manage certificate expiration Attributes that define how startCertificateExpMonitor is run on the server. System login configuration Attributes that define the System login entries and their login modules. Custom properties Custom properties defined in the security configuration. Web Authentication Properties used to define web authentication used by the server. Administrative Users and Groups Attributes that define roles and the users and groups associated with them as found in the admin-authz.xml file. The column titled Administrative Role Name contains the name of the administrative role. A column titled Administrative Role Value contains the user ID associated with the role (if one exists). Corba Naming Console Names CORBA naming roles and the users that are assigned to the roles. Console Name for Certificate Management Certificate in keystore that are defined in the security configuration. There is also information about the certificates location and their validity period. Cookie Protection Attributes that pertain to HTTP Cookies. This section differs from other sections since information is gathered from different configuration files. The HttpOnly custom property, the web authentication com.ibm.wsspi.security.web.webAuthReq property, and the session security setting on each server are displayed on the report. Java Authorization SPI Configuration Attributes that are defined for the Java Authorization SPI (JASPI) configuration. If there is a JASPI configuration object in the security configuration, information is included concerning whether JASPI is enabled, the name of the default JASPI provider, and a list of defined providers and their authentication modules. If JASPI has not been configured, this section is not shown in the security configuration report.
Custom properties
Enable security
Global security settings
Personal certificates collection
Trust managers collection
Key managers collection
Key set groups collection
Key sets collection
Web authentication settings
Administrative roles
Administrative group roles and CORBA naming service groups
JaspiManagement command group