Configure multiple security domains using scripting
You can customize your security configuration at the cell, server, or cluster level by configuring multiple security domains.
Users assigned to the administrator role can configure security domains. Verify that you have the appropriate administrative role before configuring security domains. Also, enable global security in the environment before configuring multiple security domains. Use multiple security domains to achieve the following goals:
- Configure different security attributes for administrative and user applications within a cell
- Consolidate server configurations by managing different security configurations within a cell
- Restrict access between applications with different user registries, or configure trust relationships between applications to support communication across registries
- Create a security domain.
  Create multiple security domains in your configuration. By creating multiple security domains, you can configure different security attributes for administrative and user applications within a cell environment.
- Assign the security domain to one or a set of resources or scopes.
  Assign management resources to security domains. Set management resources to your security domains to customize your security configuration for a cell, server, or cluster.
- Customize your security configuration by specifying attributes for the security domain.
Examples of security attributes:
- User registries to validate user credentials
- Authorization for validating access to resources
- Trust association interceptor (TAI) to authenticate a web user using a reverse proxy server
- Application and system JAAS login configurations
- LTPA timeout settings
- Application security enablement to provide application isolation and requirements for authenticating application users
- Java 2 Security to increase overall system integrity by checking for permissions before allowing access to certain protected system resources
- Remote Method Invocation over Internet Inter-ORB Protocol (RMI/IIOP) to invoke web services through remote procedure calls
- Custom properties
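The three steps above (create the domain, map resources to it, set its attributes) as one wsadmin Jython procedure. This is an added example, not code from the product documentation. The domain, node, server and cluster names are placeholders, and passing the `AdminTask` object in as a parameter, along with the one-name-per-line output of `listSecurityDomains`, are assumptions of this sketch.

```python
# Added example for "wsadmin -lang jython". Domain, node, server and cluster
# names are placeholders. AdminTask is passed in as a parameter (an assumption
# of this sketch) so the logic can also be exercised outside wsadmin.

def server_scope(node, server):
    # Resource name for a single application server.
    return "Cell=:Node=%s:Server=%s" % (node, server)

def cluster_scope(cluster):
    # Resource name for a cluster.
    return "Cell=:ServerCluster=%s" % cluster

def configure_domain(admin_task, name, description, resources,
                     app_security="true", java2="false"):
    """Create a domain, map resources to it, then set its attributes.
    Returns the AdminTask commands issued, in order."""
    issued = []
    # Precondition from the page: global security must already be enabled.
    if str(admin_task.isGlobalSecurityEnabled()).strip().lower() != "true":
        raise RuntimeError("enable global security before creating security domains")
    # Assumption: listSecurityDomains returns one domain name per line.
    existing = [d.strip() for d in str(admin_task.listSecurityDomains()).splitlines()]
    if name not in existing:
        admin_task.createSecurityDomain(
            ["-securityDomainName", name, "-securityDomainDescription", description])
        issued.append("createSecurityDomain")
    for resource in resources:
        admin_task.mapResourceToSecurityDomain(
            ["-securityDomainName", name, "-resourceName", resource])
        issued.append("mapResourceToSecurityDomain " + resource)
    # Domain-level attributes: application security and Java 2 Security.
    admin_task.setAppActiveSecuritySettings(
        ["-securityDomainName", name,
         "-appSecurityEnabled", app_security,
         "-enforceJava2Security", java2])
    issued.append("setAppActiveSecuritySettings")
    return issued

try:
    AdminTask  # defined only inside a wsadmin session
except NameError:
    pass
else:
    configure_domain(AdminTask, "appDomain1", "User applications",
                     [server_scope("node01", "server1"), cluster_scope("appCluster")])
    AdminConfig.save()  # persist the changes to the master configuration
```
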
Subtopics
- Configure security domains using scripting
  Use this topic to create multiple security domains in your configuration. By creating multiple security domains, you can configure different security attributes for administrative and user applications within a cell environment.
- Configure local operating system user registries using scripting
  Use this topic to configure user registries for global security and security domain configurations using wsadmin. You can define user registries at the global level and for multiple security domains.
- Configure custom user registries using scripting
  Use this topic to configure custom user registries for global security and security domain configurations using wsadmin. You can define custom user registries at the global level and for multiple security domains.
- Configure JAAS login modules using wsadmin.sh
  Use this topic to manage Java Authentication and Authorization Service (JAAS) login entries with wsadmin, allowing communication between realms in a multiple security domain environment.
- Configure Common Secure Interoperability authentication using scripting
  Use this topic to configure inbound and outbound communications with wsadmin using the Common Secure Interoperability protocol. Common Secure Interoperability v2 (CSIv2) supports increased vendor interoperability and additional features.
- Configure trust association using scripting
  Use wsadmin to manage trust association configurations in a multiple security domain environment. Trust association enables the integration of the application server security and third-party security servers. More specifically, a reverse proxy server can act as a front-end authentication server while the product applies its own authorization policy to the resulting credentials that are passed by the proxy server.
- Map resources to security domains using scripting
  Use this topic to assign management resources to security domains. Set management resources to your security domains to customize your security configuration for a cell, server, or cluster.
- Remove resources from security domains using scripting
  Use this topic to remove management resources from security domains. Remove all resources from a security domain before deleting the security domain from your configuration.
- Remove security domains using scripting
  Use this topic to delete security domains from your configuration using wsadmin. Remove security domains that are not needed in your security configuration.
- Remove user registries using scripting
  You can use wsadmin to remove user registries from global security or security domain configurations. Use the steps in this topic to remove LDAP, local operating system, custom, or federated repository user registries from your global security or security domain configurations.
- SecurityDomainCommands command group for AdminTask
  You can use the Jython scripting language to configure and administer security domains with wsadmin. Use the commands and parameters in the SecurityDomainCommands group to create and manage security domains, assign servers and clusters to security domains as resources, and query the security domain configuration.
- AdminTask SecurityConfigurationCommands
  You can use the Jython scripting language to configure security with wsadmin. Use the commands and parameters in the SecurityConfigurationCommands group to manage user registries, single sign-on, data entries, trust association, login modules, and interceptors.
- SecurityRealmInfoCommands command group for AdminTask
  You can use the Jython scripting language to manage security realm configurations with wsadmin. Use the commands and parameters in the SecurityRealmInfoCommands group to query and manage trusted realms.
- NamingAuthzCommands command group for AdminTask
  You can use the Jython scripting language to configure naming roles for groups and users with wsadmin. Use the commands and parameters in the NamingAuthzCommands group to assign, remove, and query naming role configuration. CosNaming security offers increased granularity of security control over CosNaming functions.
- Utility scripts
  The scripting library provides script procedures to automate the application configurations. This topic provides usage information for scripts that set notification options, save configuration changes, and display scripting library information.