Enable security with an operating system user registry

You can WebSphere global security using the operating system user registry as the WAS user registry.

AIX|Linux|Solaris:

Once you enable WebSphere global security using the operating system user registry as the WAS user registry, you will not be able to start or stop any of the application servers, including the WebSphere Commerce application server, as a non-root user. Refer to http://www.ibm.com/support/docview.wss?uid=swg21161788 for more information.

If you want to enable global security for WebSphere Commerce Payments instance, uncheck Password Required for startup check box of payment instance properties in Configuration Manager:

  1. Open the WebSphere Commerce Configuration Manager.

  2. Select WebSphere Commerce> node > Payments > Instance List > instance > Instance Properties > instance.

  3. Uncheck the check box Password Required for startup.

  4. Click Apply.

  5. Close the Configuration Manager.


To enable WebSphere global security using the operating system user registry as the WAS user registry...

  1. Log on as:

    • AIX|Linux|Solaris|root

    • I5/OS|Windows:

      a user with administrative authority.

  2. Start the WAS administration server.

  3. Launch the WAS Administration Console.

  4. In the WAS Administration Console, modify the global security settings as follows:

    1. Expand Security and click Global security.

    2. On the Global security page that is displayed, under User registries, click Local OS.

    3. On the Local OS user registry page that is displayed, fill in the fields under General Properties, depending on your security registry server:

      Field Name Sample Values Notes
      Server user ID wcsuser

      • I5/OS:

        The user ID should have *SECOFR authority.

      • AIX|Linux|Solaris: A user ID that is root or has root authority.

      • Windows: Tthe user id with operating system administrative privileges that you logged in with. if the machine belongs to a domain, use the fully-qualified user id. for example: DomainXYZ\user_id. Ensure that this account exists in the domain server and is a member of the Administrator's group.

      Server user password password This is the password belonging to the user with operating system administrative privileges that you logged in with.
Click Apply and then Save.

  • Click Global security.

    1. Under General Properties, select Enable global security.

    2. In the Global Security Configuration tab, select Enabled.

    3. Clear the Enforce Java 2 Security check box, which is selected by default, if you do not want to enforce Java 2 security.

    4. From the Active authentication mechanism list, select SWAM (Simple WebSphere Authentication Mechanism)..

    5. From the Active user registry list, select Local OS.

    6. Click Apply and then Save.

  • In the navigation pane, expand Applications and click Enterprise Applications.

    1. In the Enterprise Applications window, click your WebSphere Commerce application, WC_instance (for example, WC_demo).

    2. Under Additional Properties, click Map security roles to users/groups.

    3. Click Look up users and locate the user whose role you want to map.

    4. For that user, select the WCSecurityRole and click OK.

    5. Click Save.

    6. If you are using WAS ND, select the Synchronize changes with Nodes check box.

    7. Click Save again to apply the changes to the master configuration.

  • In the navigation pane, expand Applications and click Enterprise Applications.

    1. In the Enterprise Applications window, click your WebSphere Commerce application, WC_instance (for example, WC_demo).

    2. Under Additional Properties, click Map RunAs roles to users.

    3. Select WCSecurityRole using the check box on the left and enter the user name and password that you specified in step 4e.

    4. Click Apply.

    5. Click OK in the "Map RunAs Roles to users" panel.

    6. Click Save.

    7. If you are using WAS ND, select the Synchronize changes with Nodes check box.

    8. Click Save again to apply the changes to the master configuration.

  • Open the WebSphere Commerce Configuration Manager.

    1. Select WebSphere Commerce > node > Commerce > Instance List > instance > Instance Properties > Security.

    2. Select the Enable Server Level Security check box. Click Yes to any confirmation prompts that appear.

    3. Select Operating System User Registry. Click Yes to any confirmation prompts that appear.

    4. Enter the User ID and Password for the user with the WCSecurityRole that you used in step 4e, substep iii.

    5. Select the Enable Global Security check box.

    6. Enter the Server User ID and password that you use to login to the WAS Administrative Console.

    7. Click Apply.

    8. Close the Configuration Manager.

  • Restart the WAS administration server. From now on, when you open the WAS Administration Console, you will be prompted for the Server user ID and password.

  • Restart your WebSphere Commerce instance..

     

    Related Concepts


    WebSphere Commerce security model
    WebSphere Commerce authentication model

     

    Related tasks


    Enabling WAS security
    Enabling WebSphere global security
    Enabling Java 2 security
    Disable WAS security