
Realm configuration settings

Use this page to manage the realm. The realm can consist of identities in the file-based repository that is built into the system, in one or more external repositories, or in both the built-in, file-based repository and one or more external repositories.

To view this administrative console page:

  1. In the administrative console, click Security > Security domains.

  2. Under User realm, select Customize for this domain. Select Federated repositories from the Realm type field and click Configure.

When you finish adding or updating the federated repository configuration, go to the Security > Global security panel and click Apply to validate the changes.

A single built-in, file-based repository is built into the system and included in the realm by default.

You can configure one or more LDAP repositories to store identities in the realm. Click Add base entry to realm to specify a repository configuration and a base entry into the realm. You can configure multiple different base entries into the same repository.

Click Remove to remove selected repositories from the realm. Repository configurations and contents are not destroyed. The following restrictions apply:

WAS v7 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server to server communications. In most cases, server identities are automatically generated and are not stored in a repository.

(dist) However, if you are adding a previous version node to the latest version cell and the previous version node used a server identity and password, you must ensure that the server identity and password for the previous version are defined in the repository for this cell. Enter the server user identity and password on this panel.


Realm name

Name of the realm. You can change the realm name, but you should complete any other federated repository configuration steps prior to making this change.


Primary administrative user name

Name of the user with administrative privileges defined in the repository, for example, adminUser.

The user name is used to log on to the administrative console when administrative security is enabled. Version 6.1 requires an administrative user that is distinct from the server user identity so that administrative actions can be audited.

In WebSphere Application Server, Version 6.0.x, a single user identity is required for both administrative access and internal process communication. When migrating to Version 6.1, this identity is used as the server user identity. You need to specify another user for the administrative user identity.


Automatically generated server identity

Enables the application server to generate the server identity, which is recommended for environments containing only Version 6.1 or later nodes. Automatically generated server identities are not stored in a user repository.

Default: Enabled


Server identity stored in the repository

User identity in the repository used for internal process communication. Cells containing Version 6.1 or later nodes require a server user identity defined in the active user repository.

Default: Enabled


(zos) User identity for the z/OS started task

User identity that is associated with the z/OS system started task. Each controller and server can have its own identity.


Server user ID or administrative user on a Version 6.0.x node

User ID used to run the application server for security purposes.


Password

Password that corresponds to the server ID.


Ignore case for authorization

Specifies that a case-insensitive authorization check is performed.

If case sensitivity is not a consideration for authorization, enable the Ignore case for authorization option.


Allow operations if some of the repositories are down

Specifies whether operations (such as login, search, or get) are allowed even if the repositories in the realm are down.


Use global schema for model

Sets the global schema option for the data model in a multiple security domain environment. Global schema refers to the schema of the admin domain.

Avoid trouble: Application domains that are set to use global schema share the same schema of the admin domain. If you extend the schema for an application in one domain, you must also consider how that might affect applications of other domains, as they are bound by the same schema. For example, adding a mandatory property for one application might cause other applications to fail.
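
The shared-schema side effect described above can be seen in a small model. This is an added example, not WebSphere code: the Schema and Domain classes, the domain names, the badgeNumber property, and the sample user are all constructed for illustration.

```python
import copy


class Schema:
    """Hypothetical schema: entity type -> set of mandatory property names."""

    def __init__(self, mandatory):
        self.mandatory = {t: set(p) for t, p in mandatory.items()}

    def extend(self, entity_type, prop):
        self.mandatory.setdefault(entity_type, set()).add(prop)

    def missing(self, entity_type, entity):
        return sorted(self.mandatory.get(entity_type, set()) - set(entity))


class Domain:
    """Hypothetical security domain that validates entities on creation."""

    def __init__(self, name, admin_schema, use_global_schema):
        self.name = name
        # Global schema: share the admin domain's schema object.
        # Otherwise: keep a private copy that other domains cannot change.
        self.schema = admin_schema if use_global_schema else copy.deepcopy(admin_schema)

    def try_create(self, entity):
        gaps = self.schema.missing("PersonAccount", entity)
        return "ok" if not gaps else f"rejected, missing mandatory {gaps}"


def demo():
    admin_schema = Schema({"PersonAccount": {"uid", "cn"}})
    hr = Domain("hrDomain", admin_schema, use_global_schema=True)
    billing = Domain("billingDomain", admin_schema, use_global_schema=True)
    isolated = Domain("isolatedDomain", admin_schema, use_global_schema=False)
    user = {"uid": "jdoe", "cn": "J Doe"}  # constructed sample entity

    before = billing.try_create(user)
    # The HR application adds a mandatory property through its own domain.
    hr.schema.extend("PersonAccount", "badgeNumber")
    return {
        "billing_before": before,
        "hr_with_badge": hr.try_create({**user, "badgeNumber": "0042"}),
        "billing_after": billing.try_create(user),    # bound by the shared schema
        "isolated_after": isolated.try_create(user),  # private schema, unaffected
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```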


Base entry

Base entry within the realm. This entry and its descendants are part of the realm.


Repository identifier

Unique identifier for the repository. This identifier uniquely identifies the repository within the cell.


Repository type

Repository type, such as File or LDAP.


Related

Lightweight Directory Access Protocol repository configuration settings