Local operating system settings
Use this page to configure local operating system registry settings.
To view this administrative console page:
- Click Security > Global security.
- Under User account repository, click the Available realm definitions drop-down list, select Local operating system.
- Click Configure.
WAS v7 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server to server communications. In most cases, server identities are automatically generated and are not stored in a repository.
(dist) However, if you are adding a previous version node to the latest version cell and the previous version node used a server identity and password, you must ensure that the server identity and password for the previous version are defined in the repository for this cell. Enter the server user identity and password on this panel.
(zos) Avoid trouble: Any settings related to the System Authorization Facility (SAF) might not be visible on this panel. To modify these settings:
gotcha
- Go to the panel for SAF by clicking Security > Global security > External authorization providers.
- Select System Authorization Facility (SAF) from the drop-down list under the Authorization provider option.
- Click Configure.
(zos) Custom properties
On the custom properties panel, we can add a value for one or more of the following custom properties:
- disable.principal.case.preservation
- Set this property forces the principal returned by getRemoteUser() and getUserPrincipal() calls to be capitalized. If not set, the case that was presented will be preserved.
- force.credential.creation.for.validation
- Set this property forces the creation of an access control environment elements (ACEE) or find the ACEE of the user from the cache during ID assertion login to prevent obtaining information for users that have been revoked.
Avoid trouble: Forcing the creation of credentials all the time will cause a decrease in performance.gotcha
- com.ibm.security.SAF.truncatePassword
- Set this property causes passwords that are longer than eight characters to be truncated to the first eight characters.
Primary administrative user name
Name of a user with administrative privileges defined in the local operating system.
The user name is used to log on to the administrative console when administrative security is enabled..
In WebSphere Application Server, Version 6.1 and above, a single user identity is required for both administrative access and internal process communication. When migrating to Version 6.1 and above, this identity is used as the server user identity. You need to specify another user for the administrative user identity.
(zos) Important: If System Authorization Facility (SAF) authorization is enabled on the External authorization providers panel, this field does not display.
Automatically generated server identity
Enables the application server to generate the server identity, which is recommended for environments containing only Version 6.1 or later nodes. Automatically generated server identities are not stored in a user repository.
Information Value Default: Enabled
Server identity stored in the repository
User identity in the repository used for internal process communication. Cells containing Version 6.1 or later nodes require a server user identity defined in the active user repository.
Information Value Default: Enabled
(zos) User identity for the z/OS started task
User identity that is associated with the z/OS system started task. Each controller and server can have its own identity.
Server user ID or administrative user on a Version 6.0.x node
User ID used to run the application server for security purposes.
Password
Password that corresponds to the server ID.
(zos) Ignore case for authorization
Indicates that a case-insensitive authorization check is performed when you use the default authorization.
Information Value Default: Disabled Range: Enabled or Disabled
Related tasks
Configure local operating system registries
Local operating system wizard settings