Manage the realm in federated repository

The realm can consist of identities in:

• The file-based repository that is built into the system

• One or more external repositories

• Both the built-in, file-based repository and in one or more external repositories

Before you configure the realm, review Federated repositories limitations.

1. Configure the realm by using one of the following topics. We might be configuring the realm for the first time or changing an existing realm configuration.
   • Use a single built-in, file-based repository in a new configuration under Federated repositories
   • Change federated repository to include a single built-in, file-based repository only
   • Configure a single, Lightweight Directory Access Protocol repository in a new configuration under Federated repositories
   • Change federated repository to include a single, Lightweight Directory Access Protocol repository only
   • Configure multiple Lightweight Directory Access Protocol repositories in federated repository
   • Configure a single built-in, file-based repository and one or more Lightweight Directory Access Protocol repositories in federated repository

2. Configure supported entity types

   We must configure supported entity types before we can manage this account with Users and Groups. The Base entry for the default parent determines the repository location where entities of the specified type are placed on a create operation.

3. Configure the mapping for user or group attributes of a user registry to federated repository properties in the realm

4. Optional: Under Additional properties, click the Custom properties link to configure custom properties.

5. Optional: Use one or more of the following tasks to extend the capabilities of storing data and attributes in our realm:

   1. Configure an entry mapping repository using the steps described in Configure an entry mapping repository in federated repository. An entry mapping repository is used to store data for managing profiles on multiple repositories.

   2. Configure a property extension repository using the steps described in Configure a property extension repository in federated repository. A property extension repository is used to store attributes that cannot be stored in the LDAP server.

   1. Set up a database repository using wsadmin commands Set up an entry mapping repository, a property extension repository, or a custom registry database repository using wsadmin commands

6. Optional: Use one or more of the following advanced user tasks to extend the capabilities of LDAP repositories in the realm:

   • Increasing the performance of an LDAP repository in federated repository

   • Configure Lightweight Directory Access Protocol entity types in federated repository

   • Configure group attribute definition settings in federated repository

7. Optional: Manage repositories configured in the system by following the steps described in Manage repositories in federated repository.

8. Optional: Add an external repository into your realm by following the steps described in Add an external repository in federated repository.

9. Optional: Change the password for the repository configured under federated repositories by the following steps described in Change the password for a repository under a federated repositories configuration.

What to do next

1. After configuring the federated repositories, click Security > Global security to return to the Global security panel. Verify that Federated repositories is identified in the Current realm definition field. If Federated repositories is not identified, select Federated repositories from the Available realm definitions field and click Set as current. To verify the federated repositories configuration, click Apply on the Global security panel. If Federated repositories is not identified in the Current realm definition field, the federated repositories configuration is not used by WebSphere Application Server.

2. If we are enabling security, complete the remaining steps as specified in Enable security for the realm. As the final step, validate this setup by clicking Apply in the Global security panel.

3. Save, stop, and restart all the product servers (deployment managers, nodes, and Application Servers) for changes in this panel to take effect. If the server comes up without any problems, the setup is correct.

Subtopics

• Federated repositories
  Federated repositories enable you to use multiple repositories with WebSphere Application Server. These repositories, which can be file-based repositories, LDAP repositories, or a sub-tree of an LDAP repository, are defined and theoretically combined under a single realm. All of the user repositories configured under the federated repository functionality are invisible to WebSphere Application Server.

• Realm configuration settings
  Use this page to manage the realm. The realm can consist of identities in the file-based repository that is built into the system, in one or more external repositories, or in both the built-in, file-based repository and one or more external repositories.

• User attribute mapping for federated repositories
  Use this page to set or to modify the mapping for user or group attributes of a user registry to the federated repository properties in the current realm.

• Custom repository details for federated repositories
  Use this panel to specify the configuration for access to a custom repository.

• Add federated repository settings
  Use this page to specify the configuration for access to a file repository.

• (dist) Federated repositories limitations
  This topic outlines known limitations and important information for configuring federated repositories.

• Change the password for a repository under a federated repositories configuration
  Passwords allow security control over the repositories under a federated repositories configuration. As part of managing the realm in federated repository, one of the optional tasks we can perform is to change the password of an individual repository that is under a federated repositories configuration.

• (dist) Use a single built-in, file-based repository in a new configuration under Federated repositories
  Follow this task to use a single built-in, file-based repository in a new configuration under Federated repositories.

• (dist) Add a file-based repository to a federated repositories configuration
  Follow this task to add a file-based repository under federated repositories.

• (dist) Enable client certificate login support for a file-based repository in federated repositories
  We can enable support for client certificate login in a realm configured with a single built-in file-based repository or a multiple repository configuration that includes the file-based repository and other repositories.

• (dist) Configure a single built-in, file-based repository in a new configuration under federated repositories using wsadmin
  We can use the Jython or Jacl scripting language with wsadmin.sh to configure a single built-in, file-based repository in a new configuration under Federated repositories.

• (dist) Change federated repository to include a single built-in, file-based repository only
  Follow this task to change the federated repository configuration to include a single built-in, file-based repository only.

• (dist) Configure a single, Lightweight Directory Access Protocol repository in a new configuration under Federated repositories
  Follow this task to configure a single, Lightweight Directory Access Protocol (LDAP) repository in a new configuration under Federated repositories.

• (dist) Change federated repository to include a single, Lightweight Directory Access Protocol repository only
  Follow this task to change the federated repository configuration to include a single, Lightweight Directory Access Protocol repository (LDAP) repository only.

• (dist) Configure multiple Lightweight Directory Access Protocol repositories in federated repository
  Follow this task to configure multiple Lightweight Directory Access Protocol (LDAP) repositories in federated repository.

• (dist) Configure a single built-in, file-based repository and one or more Lightweight Directory Access Protocol repositories in federated repository
  Follow this task to configure a single built-in, file-based repository and multiple LDAP repositories in federated repository.

• (dist) Manually configuring an Lightweight Directory Access Protocol repository in federated repository
  Follow this topic to manually configure Lightweight Directory Access Protocol (LDAP) repository in federated repository.

• (dist) Configure Lightweight Directory Access Protocol in federated repository
  Follow this topic to configure LDAP settings in federated repository.

• (dist) Migrate a stand-alone LDAP repository to a federated repositories LDAP repository configuration
  When configuring the security for the application server, we might need to migrate a stand-alone LDAP registry to a federated repositories LDAP repository configuration.

• (dist) Add an external repository in federated repository
  Follow this task to add an external repository into a federated repository configuration.

• (dist) Configure a property extension repository in federated repository
  Follow this task to configure a property extension repository to store attributes that cannot be stored in the Lightweight Directory Access Protocol (LDAP) server.

• (dist) Configure an entry mapping repository in federated repository
  Follow this task to configure an entry mapping repository used to store data for managing profiles on multiple repositories.

• (dist) Configure supported entity types in federated repository
  Follow this task to configure supported entity types for user and group management.

• (dist) Configure user repository attribute mapping in federated repository
  Follow this task to set or modify the mapping for user or group attributes of a user registry to federated repository properties in the current realm.

• (dist) Manage repositories in federated repository
  Follow this topic to manage repositories in a federated repository configuration.

• (dist) Increase the performance of an LDAP repository in federated repository
  Follow the steps given here to increase the performance of an LDAP repository in federated repository.

• (dist) Use custom adapters for federated repositories
  When the custom adapters for federated repositories are part of the default realm, the users and groups can be managed using wsadmin commands or the console.

• (dist) Establishing custom adapters for federated repositories
  Out of the box adapters for federated repositories provide File, LDAP, and Database adapter for the use. These adapters implement the com.ibm.wsspi.wim.Repository software programming interface (SPI). Custom adapters for federated repositories need to implement the same SPI.

• (dist) Add a custom repository to a federated repositories configuration
  Follow this task to add a custom repository under federated repositories.

• (dist) Configure custom adapters for federated repositories using wsadmin
  We can use the Jython or Jacl scripting language with wsadmin.sh to define custom adapters in the federated repositories configuration file.

• (dist) Configure the user registry bridge for federated repositories
  The user registry bridge is configured like other custom adapters. We can use the Jython or Jacl scripting language with the wsadmin scripting tool to define the user registry bridge in the federated repositories configuration.

• (dist) Configure Lightweight Directory Access Protocol entity types in federated repository
  Follow this task to configure LDAP entity types in federated repository.

• (dist) Configure LDAP attributes in federated repository
  Follow this task to add, modify, or delete the configuration of supported, unsupported, and external LDAP attributes in a federated repositories configuration.

• (dist) Configure group attribute definition settings in federated repository
  Follow this task to configure group definition settings in federated repository.

• (dist) Configure member attributes in federated repository
  Follow this task to configure member attributes in a federated repository configuration.

• (dist) Configure dynamic member attributes in federated repository
  Follow this task to configure dynamic member attributes in federated repository.