Enable only global security with an operating system user registry

You can enable global security with an operating system user registry.

AIX|Linux|Solaris:

Once you enable WebSphere global security using the operating system user registry as the WAS user registry, you will not be able to start or stop any of the application servers, including the WebSphere Commerce application server, as a non-root user. Refer to http://www.ibm.com/support/docview.wss?uid=swg21161788 for more information.

If you want to enable global security for a WebSphere Commerce Payments instance, uncheck the Password Required for startup check box in the payments instance properties in Configuration Manager:

  1. Open the WebSphere Commerce Configuration Manager.

  2. Select WebSphere Commerce > node > payments > Instance List > instance > Instance Properties > instance.

  3. Uncheck the check box Password Required for startup.

  4. Click Apply.

  5. Close the Configuration Manager.


To enable only WebSphere global security using the operating system user registry as the WAS user registry:

  1. Federate to a WAS Deployment Manager

  2. Log on as:

    • AIX|Linux|Solaris: root

    • I5/OS|Windows: a user with administrative authority.

  3. Start the WAS administration server.

  4. Launch the WAS Administration Console.

  5. In the WAS Administration Console, modify the global security settings as follows:

    1. Expand Security and click Global security.

    2. On the Global security page that is displayed, under User registries, click Local OS.

    3. On the Local OS user registry page that is displayed, fill in the fields under General Properties, depending on your security registry server:

      Field name: Server user ID
      Sample value: wcsuser
      Notes:

      • I5/OS: The user ID should have *SECOFR authority.

      • AIX|Linux|Solaris: A user ID that is root or has root authority.

      • Windows: The user ID with operating system administrative privileges that you logged in with. If the machine belongs to a domain, use the fully-qualified user ID, for example: DomainXYZ\user_id. Ensure that this account exists in the domain server and is a member of the Administrators group.

      Field name: Server user password
      Sample value: password
      Notes: This is the password belonging to the user with operating system administrative privileges that you logged in with.

    4. Click Apply and then Save.

  • Click Global security.

    1. Under General Properties, select Enable global security.

    2. In the Global Security Configuration tab, select Enabled.

    3. Clear the Enforce Java 2 Security check box, which is selected by default, if you do not want to enforce Java 2 security.

    4. From the Active authentication mechanism list, select SWAM (Simple WebSphere Authentication Mechanism).

    5. From the Active user registry list, select Local OS.

    6. Click Apply and then Save.

  • In the navigation pane, expand Applications and click Enterprise Applications.

    1. In the Enterprise Applications window, click your WebSphere Commerce application, WC_instance (for example, WC_demo).

    2. Under Additional Properties, click Map security roles to users/groups.

    3. Click Look up users and locate the user whose role you want to map.

    4. For that user, select the WCSecurityRole and click OK.

  • Disable application security (server level security):

    1. For each server that is running your WebSphere Commerce application:

      1. Expand Servers and click Application Servers

      2. Click the server name

      3. Under Security select Server security

      4. Under Additional Properties select Server-level security

      5. Uncheck Enable global security

      6. Uncheck the Enforce Java 2 Security check box which is selected by default

      7. Click OK

    2. Ensure that all users can read and write to the JNDI namespace:

      1. Expand Environment.

      2. Expand Naming and click on CORBA Naming Service Groups

      3. Click on EVERYONE

      4. Select all roles by holding down the CTRL key and clicking on each role

      5. Click OK

    3. Save and synchronize the configuration.

  • Restart all WebSphere Commerce Servers (Deployment Manager, Node Agents, Application Servers) in your cell. From now on, when you open the WAS Administration Console, you will be prompted for the Server User ID and password.

  • Open the WebSphere Commerce Configuration Manager.

    1. Select WebSphere Commerce > node > Commerce > Instance List > instance > Instance Properties > Security.

    2. Ensure that the Enable Server Level Security check box is not checked.

    3. Select the Enable Global Security check box.

    4. Enter the Server User ID and password that you use to log in to the WAS Administrative Console.

    5. Click Apply.

    6. Close the Configuration Manager.

  • Your WebSphere Commerce instance will be started automatically.
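
An added example, not part of the original page or of IBM's tooling: a Python check that reads a copy of the cell-level security.xml after the procedure and reports any setting that differs from the steps above. The sample document is constructed, and its element and attribute names are assumptions modelled on a WAS security.xml, so compare them with your own file.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"

# Constructed sample; element and attribute names are assumptions modelled on
# a WAS cell-level security.xml. Compare them with your own file before use.
SAMPLE_SECURITY_XML = """\
<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
    xmi:id="Security_1" enabled="true" enforceJava2Security="false"
    activeAuthMechanism="SWAMAuthentication_1"
    activeUserRegistry="LocalOSUserRegistry">
  <authMechanisms xmi:type="security:SWAMAuthentication" xmi:id="SWAMAuthentication_1"/>
  <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1"/>
  <userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry"
      serverId="wcsuser" serverPassword="{xor}CONSTRUCTED"/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"/>
</security:Security>
"""


def audit_global_security(xml_text, expected_server_id, enforce_java2=False):
    """Return a list of findings; an empty list means the settings match."""
    root = ET.fromstring(xml_text)
    # The active* attributes on the root refer to child elements by xmi:id.
    by_id = {el.get(XMI + "id"): el for el in root if el.get(XMI + "id")}
    findings = []
    if root.get("enabled") != "true":
        findings.append("global security is not enabled")
    if (root.get("enforceJava2Security") == "true") != enforce_java2:
        findings.append("Enforce Java 2 Security does not match the intended setting")
    mech = by_id.get(root.get("activeAuthMechanism"))
    if mech is None or mech.get(XMI + "type") != "security:SWAMAuthentication":
        findings.append("active authentication mechanism is not SWAM")
    registry = by_id.get(root.get("activeUserRegistry"))
    if registry is None or registry.get(XMI + "type") != "security:LocalOSUserRegistry":
        findings.append("active user registry is not Local OS")
    elif registry.get("serverId") != expected_server_id:
        findings.append("server user ID differs from the one entered in the console")
    elif not registry.get("serverPassword"):
        findings.append("server user password is empty")
    return findings


if __name__ == "__main__":
    for finding in audit_global_security(SAMPLE_SECURITY_XML, "wcsuser") or ["OK"]:
        print(finding)
```

Run it against a copy of the file rather than the live configuration repository, and pass `enforce_java2=True` if you left Enforce Java 2 Security selected.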

     
