Security configuration report
The security configuration report gathers and displays the current security settings of the application server. Information is gathered about core security settings, administrative users and groups, CORBA naming roles, and cookie protection. When multiple security domains are configured, each security domain has its own report, containing the subset of sections from the global security report that apply to that domain.
The security configuration report now includes information about session security, web attributes, and the HttpOnly setting to enable you to get a more complete view of the server security settings.
The report is a table with four columns: Console Name, Security Configuration Name, Value and Console Path Name. The gathered security information is divided into sections, each grouping related security settings. A row highlighted in blue with a title in the first column starts a new section.
The Security Configuration Report can be run from the console by selecting Security > Global Security and then clicking Security Configuration Report. A new window displays the report information.
The columns
- Console Name
- Contains the name of the security attribute as found in the console. If the value in this column is on a row highlighted in blue, and is the only entry on the row, then it is the start of a new section.
- Security Configuration Name
- Contains the security attribute as found in the configuration file.
- Value
- Contains the value of the security attribute.
- Console Path Name
- Contains the path where the attribute is found on the console.
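The four-column layout and the section-row rule described above are enough to parse a saved copy of the report and diff it against a baseline, which is a practical way to spot configuration drift. This is an added example, not IBM's code; the tab-separated export format, the sample rows, and the function names `parse_report` and `diff_reports` are assumptions.

```python
import csv
import io

# Constructed sample: the report's four columns saved as tab-separated text.
# A row with only the first column filled starts a new section (assumed export
# format; the rows below are illustrative, not taken from a real server).
BASELINE = (
    "Security Settings\t\t\t\n"
    "Enable administrative security\tenabled\ttrue\tSecurity > Global security\n"
    "Java 2 security\tenforceJava2Security\tfalse\tSecurity > Global security\n"
    "Cookie Protection\t\t\t\n"
    "HttpOnly\tcom.ibm.ws.security.addHttpOnlyAttributeToCookies\ttrue\t"
    "Security > Global security > Custom properties\n"
)
# Constructed "current" run: HttpOnly flipped and one extra row present.
CURRENT = BASELINE.replace(
    "addHttpOnlyAttributeToCookies\ttrue", "addHttpOnlyAttributeToCookies\tfalse"
) + "Web authentication\tcom.ibm.wsspi.security.web.webAuthReq\tpersisting\tSecurity > Global security\n"


def parse_report(text):
    """Map (section, configuration name) to the list of values seen for it."""
    settings, section = {}, None
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        cells = [c.strip() for c in row] + [""] * 4
        console_name, config_name, value = cells[:3]
        if not console_name and not config_name:
            continue  # blank line
        if console_name and not any(cells[1:4]):
            section = console_name  # only entry on the row: new section
            continue
        # Names can repeat within a section (several SSL configurations, for
        # instance), so values are collected in order rather than overwritten.
        settings.setdefault((section, config_name or console_name), []).append(value)
    return settings


def diff_reports(baseline, current):
    """Return (kind, section, name, before, after) for every setting that differs."""
    old, new = parse_report(baseline), parse_report(current)
    changes = []
    for key in sorted(old.keys() | new.keys(), key=lambda k: (k[0] or "", k[1])):
        before, after = old.get(key), new.get(key)
        if before != after:
            kind = "added" if before is None else "removed" if after is None else "changed"
            changes.append((kind, key[0], key[1], before, after))
    return changes
```
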
The sections
- Security Settings
- Displays information about the top-level security attributes. These attributes set the default for administrative security for the server, such as whether security is enabled, the default user registry, or if Java security is enabled.
For more information, read the Global security settings article.
- Authentication Mechanisms and expirations
- Contains all the attributes associated with each authentication mechanism and trust association as defined in the configuration.
- User Registry
- Displays the attributes for the default user registry for the server.
- Authorization configuration
- Displays attributes configured for an external Java Authorization Contract for Containers (JACC) provider.
- Application login configuration
- Displays application JAAS login entries and their login module attributes.
- CSI
- Displays the attributes that define the inbound and outbound information for the Common Secure Interoperability (CSI) protocol.
- SSL configuration repertoires
- Displays the attributes that make up the SSL configuration used by the server. There can be multiple SSL configurations defined, and information about each is displayed. This object is often referenced by an SSL configuration group object used to associate it with an inbound or an outbound connection.
For more information, read the SSL configurations collection article.
- Key stores
- Displays the keystore attributes for each keystore in the configuration. Keystore objects in the configuration are often referenced by an SSL configuration object in the configuration.
For more information, read the Personal certificates collection article.
- Trust managers
- Displays the attributes that make up trust managers that can be used by the server. Trust manager objects in the configuration are typically referenced by an SSL configuration object.
For more information, read the Trust managers collection article.
- Key managers
- Displays the attributes that make up the key managers used by the server. Key manager objects in the configuration are typically referenced by an SSL configuration object.
For more information, read the Key managers collection article.
- SSL configuration group
- Displays the attributes that make up an SSL configuration used for an outbound or an inbound connection.
- Management scope
- Displays the attributes that make up a management scope. The SSL configuration-related objects in the security configuration are defined within a management scope to reference the management scope object.
For more information, read the Management scope configurations article.
- Key set groups
- Displays the attributes that make up a group of key sets, used to manage public, private and shared keys.
For more information, read the Key set groups collection article.
- Key set
- Displays the attributes that make up the key set, which is used to manage public, private, and shared keys.
For more information, read the Key sets collection article.
- Schedules
- Displays the attributes that make up the scheduled process in the security configuration.
- Notifications
- Displays the attributes that make up notification objects in the security configuration.
- Manage certificate expiration
- Displays the attributes that define how startCertificateExpMonitor is run on the server.
- System login configuration
- Displays the attributes that define the System login entries and their login modules.
For more information, read the System login configuration entry settings for Java Authentication and Authorization Service article.
- Custom properties
- Displays all the custom properties defined in the security configuration.
For more information, read the Custom properties article.
- Web Authentication
- Displays properties used to define web authentication used by the server.
For more information, read the web authentication settings article.
- Administrative Users and Groups
- Displays the attributes that define roles and the users and groups associated with them as found in the admin-authz.xml file. The column titled Administrative Role Name contains the name of the administrative role. A column titled Administrative Role Value contains the user ID associated with the role (if one exists).
For more information, read the Administrative roles article.
- Corba Naming Console Names
- Displays the defined CORBA naming roles and the users assigned to the roles.
For more information, read the Administrative group roles and CORBA naming service groups article.
- Console Name for Certificate Management
- Lists all the certificates in the keystores defined in the security configuration. There is also information about the certificates' location and their validity period.
- Cookie Protection
- Displays attributes that pertain to HTTP Cookies. This section differs from other sections since information is gathered from different configuration files. The HttpOnly custom property, the web authentication com.ibm.wsspi.security.web.webAuthReq property, and the session security setting on each server are displayed on the report.
- Java Authorization SPI Configuration
- Displays the attributes defined for the Java Authorization SPI (JASPI) configuration. If there is a JASPI configuration object in the security configuration, information is included concerning whether JASPI is enabled, the name of the default JASPI provider, and a list of defined providers and their authentication modules.
If JASPI has not been configured, this section is not shown in the security configuration report.
Related concepts
- Management scope configurations
- Custom properties
Related tasks
- Enable security
- Global security settings
- Personal certificates collection
- Trust managers collection
- Key managers collection
- Key set groups collection
- Key sets collection
- Web authentication settings
- Administrative roles
- Administrative group roles and CORBA naming service groups
- JaspiManagement (AdminTask)