Security configuration report
The security configuration report gathers and displays the current security settings of the application server. Information is gathered about core security settings, administrative users and groups, CORBA naming roles, cookie protection, session security, web attributes, and the HttpOnly setting. When multiple security domains are configured, each security domain has it's own report with a subset of the sections shown in the global security report that apply to the domain.
The report is a table with four columns:
- Console Name
- Security Configuration Name
- Value
- Console Path Name
The security information gathered is divided into sections, and groups common security information. A row highlighted in blue with a title in the first column starts a new section.
The Security Configuration Report can be run from the administrative console by selecting...
-
Security > Global Security > Security Configuration Report
A new window displays the report information.
The columns
| Console Name | Name of the security attribute as found in the administrative console. If value in this column is on a row highlighted in blue, and is the only entry on the row, then it is the start of a new section. |
| Security Configuration Name | Security attribute as found in the configuration file. |
| Value | Value of the security attribute. |
| Console Path Name | Path where the attribute is found on the console. |
The sections
| Security Settings | Information about the top-level security attributes. These attributes set the default for administrative security for the server, such as whether security is enabled, the default user registry, or if Java security is enabled. |
| Authentication Mechanisms and expirations | Attributes associated with each authentication mechanisms and trust associations as defined in the configuration. |
| User Registry | Attributes for the default user registry for the server. |
| Authorization configuration | Attributes configured for an external Java Authorization Contract for Containers (JACC) provider. |
| Application login configuration | Application JAAS login entries and their login modules attributes. |
| CSI | Attributes that define the inbound and outbound information for the Common Secure Interoperability (CSI) protocol. |
| SSL configuration repertoires | Attributes that make up the SSL configuration used by the server. There can be multiple SSL configurations defined, and information about each is displayed. This object is often referenced by an SSL configuration group object used to associate it with an inbound or an outbound connection. |
| Key stores | Keystore attributes for each keystore in the configuration. Keystore objects in the configuration are often referenced by an SSL configuration object in the configuration. |
| Trust managers | Attributes that make up trust managers that can be used by the server. Trust manager objects in the configuration are typically referenced by an SSL configuration object. |
| Key managers | Attributes that make up the key managers that are used by the server. Key manager objects in the configuration are typically referenced by an SSL configuration object.
|
| SSL configuration group | Attributes that make up an SSL configuration used for an outbound or an inbound connection. |
| Management scope | Attributes that make up a management scope. The SSL configuration-related objects in the security configuration are defined within a management scope to reference the management scope object. |
| Key set groups | Attributes that make up a group of key sets, which are used to manage public, private and shared keys. |
| Key set | Attributes that make up the key set, which is used to manage public, private, and shared keys. |
| Schedules | Attributes that make up the scheduled process in the security configuration. |
| Notifications | Attributes that make up notification objects in the security configuration. |
| Manage certificate expiration | Attributes that define how startCertificateExpMonitor is run on the server. |
| System login configuration | Attributes that define the System login entries and their login modules. For more information, read the System login configuration entry settings for Java Authentication and Authorization Service article. |
| Custom properties | Display all the custom properties defined in the security configuration. |
| Web Authentication | Displays properties used to define web authentication used by the server. |
| Administrative Users and Groups | Attributes that define roles and the users and groups associated with them as found in the admin-authz.xml file. The column titled Administrative Role Name contains the name of the administrative role. A column titled Administrative Role Value contains the user ID associated with the role (if one exists). article. |
| Corba Naming Console Names | CORBA naming roles and the users that are assigned to the roles. |
| Console Name for Certificate Management | List all the certificate in keystore defined in the security configuration. There is also information about the certificates location and their validity period. |
| Cookie Protection | Attributes pertaining to HTTP Cookies. This section differs from other sections since information is gathered from different configuration files. The HttpOnly custom property, the web authentication com.ibm.wsspi.security.web.webAuthReq property, and the session security setting on each server are displayed on the report. |
| Java Authorization SPI Configuration | Attributes defined for the Java Authorization SPI (JASPI) configuration. If there is a JASPI configuration object in the security configuration, information is included concerning whether JASPI is enabled, the name of the default JASPI provider, and a list of defined providers and their authentication modules. If JASPI has not been configured, this section is not shown in the security configuration report. |
Related: