Configure multiple security domains using scripting

We can customize the security configuration at the cell, sever, or cluster level by configuring multiple security domains.

Users assigned to the administrator role can configure security domains. Verify that we have the appropriate administrative role before configuring security domains. Also, enable global security in the environment before configuring multiple security domains.

Create multiple security domains to customize the security configuration. Use multiple security domains to achieve the following goals:

• Configure different security attributes for administrative and user applications within a cell
• Consolidate server configurations by managing different security configurations within a cell
• Restrict access between applications with different user registries, or configure trust relationships between applications to support communication across registries

Tasks

1. Create a security domain. Create multiple security domains in the configuration. By creating multiple security domains, we can configure different security attributes for administrative and user applications within a cell environment.
2. Assign the security domain to one or a set of resources or scopes. Assign management resources to security domains. Set management resources to our security domains to customize the security configuration for a cell, server, or cluster.
3. Customize the security configuration by specifying attributes for our security domain. See the following examples of security attributes:

   • User registries to validate user credentials
   • Authorization for validating access to resources
   • Trust association interceptor (TAI) to authenticate a web user using a reverse proxy server
   • Application and system JAAS login configurations
   • LTPA timeout settings
   • Application security enablement to provide application isolation and requirements for authenticating application users
   • Java 2 Security to increase overall system integrity by checking for permissions before allowing access to certain protected system resources
   • Remote Method Invocation over Internet Inter-ORB Protocol (RMI/IIOP) to invoke web services through remote procedure calls
   • Custom properties

Subtopics

• Configure security domains using scripting
  
• Configure local operating system user registries using scripting
  
• Configure custom user registries using scripting
  
• Configure JAAS login modules
  
• Configure Common Secure Interoperability authentication using scripting
  
• Configure trust association using scripting
  
• Mapping resources to security domains using scripting
  
• Removing resources from security domains using scripting
  
• Removing security domains using scripting
  
• Removing user registries using scripting
  
• SecurityDomainCommands
  
• SecurityConfigurationCommands
  
• SecurityRealmInfoCommands
  
• NamingAuthzCommands
  
• Utility scripts