WAS v8.5 > Secure applications > Authenticate users > Select a registry or repository

Configure stand-alone custom registries

Use the following information to configure stand-alone custom registries through the dmgr console.

Before beginning this task, implement and build the UserRegistry interface. For more information on developing stand-alone custom registries refer to Develop stand-alone custom registries. The following steps are required to configure stand-alone custom registries through the dmgr console.

1. Click Security > Global security.

2. Under User account repositories, select Stand-alone custom registry and click Configure.

3. Enter a valid user name in the Primary administrative user name field. This ID is the security server ID, which is only used for WAS security and is not associated with the system process that runs the server. The server calls the local operating system registry to authenticate and obtain privilege information about users by calling the native APIs in that particular registry.

4. Enter the dot-separated class name that implements the com.ibm.websphere.security.UserRegistry interface in the Custom registry class name field. For the sample, this file name is com.ibm.websphere.security.FileRegistrySample.

   The sample provided is intended to familiarize you with this feature. Do not use this sample in an actual production environment.

5. Add your custom registry class name to the class path. It is recommended that you add the JAR file containing your custom user registry implementation to the following directory:
   • app_server_root/lib/ext

6. Optional: Select the Ignore case for authorization option for the authorization to perform a case insensitive check. Enabling this option is necessary only when the user registry is case insensitive and does not provide a consistent case when queried for users and groups.
7. Click Apply if we have any other additional properties to enter for the registry initialization.

8. Optional: Enter additional properties to initialize your implementation.

   1. Click Custom properties > New.

   2. Enter the property name and value.

      For the sample, enter the following two properties. It is assumed the users.props file and the groups.props file are in the customer_sample directory under the product installation directory. We can place these properties in any directory that you choose and reference their locations through custom properties. However, verify the directory has the appropriate access permissions.

      Additional properties.

      This table lists additional custom properties when configuring stand-alone custom registries.

      Property name	Property value
      usersFile	${USER_INSTALL_ROOT}/customer_sample /users.props
      groupsFile	${USER_INSTALL_ROOT}/customer_sample /groups.props

      Samples of these two properties are available in users.props file and groups.props file.

      The Description, Required, and Validation Expression fields are not used and can remain blank.

      WAS version 4-based custom user registry is migrated to the custom user registry based on the com.ibm.websphere.security.UserRegistry interface.

   3. Click Apply.
   4. Repeat this step to add other additional properties.

9. Click Security > Global security.

10. Under User account repository, click the Available realm definitions drop-down list, select Stand-alone custom registry, and click Configure.

11. Select either the Automatically generated server identity or Server identity stored in the repository option. If you select the Server identity stored in the repository option, enter the following information:

    Server user ID or administrative user on a v6.0.x node

    Specify the short name of the account chosen in the second step.

    Server user password

    Specify the password of the account chosen in the second step.

12. Click OK and complete the required steps to turn on security.

Results

This set of steps is required to set up the stand-alone custom registry and to enable security in WAS.

The security component of WAS expands a selected list of variables when enabling security. See the information about variable settings for more details.

1. Complete the remaining steps, if you are enabling security.
2. Validate the user and password. Save and synchronize in the cell environment.
3. After security is turned on, save, stop, and start all the product servers, including cell, nodes, and all of the application servers, for any changes to take effect. If the server comes up without any problems, the setup is correct.

Subtopics

• Stand-alone custom registry settings
  Use this page to configure the stand-alone custom registry.
• Stand-alone custom registry wizard settings
  A wizard page exists in the dmgr console to aid in viewing the basic settings necessary to connect the application server to an existing stand-alone custom registry. After we have viewed the basic settings, we can also modify the existing stand-alone customer registry configuration using the dmgr console.
• FileRegistrySample.java file
  This provides an example of the FileRegistrySample.java file.
• Develop the UserRegistry interface for using custom registries
  Implementing this interface enables WAS security to use custom registries. This capability extends the java.rmi file. With a remote registry, we can complete this process remotely.
• Stand-alone custom registries
  A stand-alone custom registry is a customer-implemented registry that implements the UserRegistry Java interface, as provided by the product. A custom-implemented registry can support virtually any type of an account repository from a relational database, flat file, and so on. The custom user registry provides considerable flexibility in adapting product security to various environments where some form of a registry or repository other than federated repositories, stand-alone LDAP registry or local operating system registry already exists in the operational environment.
• Stand-alone custom registry settings
  Use this page to configure the stand-alone custom registry.
• Stand-alone custom registry wizard settings
  A wizard page exists in the dmgr console to aid in viewing the basic settings necessary to connect the application server to an existing stand-alone custom registry. After we have viewed the basic settings, we can also modify the existing stand-alone customer registry configuration using the dmgr console.
• FileRegistrySample.java file
  This provides an example of the FileRegistrySample.java file.
• Develop the UserRegistry interface for using custom registries
  Implementing this interface enables WAS security to use custom registries. This capability extends the java.rmi file. With a remote registry, we can complete this process remotely.

Related

Select a registry or repository
Develop stand-alone custom registries

Reference:

WebSphere variables settings

+

Search Tips   |   Advanced Search