Secure > Enable WebSphere Application Server security > Enabling WebSphere global security


Enable security with an operating system user registry

You can enable WebSphere global security using an operating system user registry as the WebSphere Application Server user registry.

To enable global security for WebSphere Commerce Payments instance, uncheck Password Required for startup check box of payment instance properties in Configuration Manager:


Procedure

  1. Open Configuration Manager.

  2. Click WebSphere Commerce > node_name > Payments > Instance List > instance > Instance Properties > instance.

  3. Clear the Password Required for startup check box.

  4. Click Apply.

  5. Close the Configuration Manager.

  6. To enable WebSphere global security using the operating system user registry as the WebSphere Application Server user registry, do the following:

    1. Log on as a user with administrative authority.

    2. Start the WebSphere Application Server administration server.

    3. Launch the WebSphere administrative console.

    4. In the WebSphere Application Server Administration Console, modify the global security settings...

      1. Expand Security and click Global security.

      2. On the Global security page that is displayed, under User registries, click Local OS.

      3. On the Local OS user registry page that is displayed, complete the fields under General Properties, depending on the security registry server:

        Field Name Sample Values Notes
        Server user ID wcsuser

        • The user ID should have *SECOFR authority.

        • The user ID with operating system administrative privileges that you logged in with. if the machine belongs to a domain, use the fully qualified user ID. for example: DomainXYZ\user_id. Ensure that this account exists in the domain server and is a member of the Administrator's group.

        Server user password password This is the password belonging to the user with operating system administrative privileges that you logged in with.

        Click Apply and then Save.

      4. Click Global security.

        1. Under General Properties, select Enable global security.

        2. In the Global Security Configuration tab, select Enabled.

        3. Clear the Enforce Java 2 Security check box, which is selected by default, if you do not want to enforce Java 2 security.

        4. From the Active authentication mechanism list, select SWAM (Simple WebSphere Authentication Mechanism).

        5. From the Active user registry list, select Local OS.

        6. Click Apply and then Save.

      5. In the navigation pane, expand Applications and click Enterprise Applications.

        1. In the Enterprise Applications window, click the WebSphere Commerce application, WC_instance (for example, WC_demo).

        2. Under Additional Properties, click Map security roles to users/groups.

        3. Click Look up users and locate the user whose role to map.

        4. For that user, select the WCSecurityRole and click OK.

        5. Click Save.

        6. If you are using WAS ND, select the Synchronize changes with Nodes check box.

        7. Click Save again to apply the changes to the master configuration.

      6. In the navigation pane, expand Applications and click Enterprise Applications.

        1. In the Enterprise Applications window, click the WebSphere Commerce application, WC_instance (for example, WC_demo).

        2. Under Additional Properties, click Map RunAs roles to users.

        3. Select WCSecurityRole using the check box on the left and enter the user name and password that you specified in step 4e.

        4. Click Apply.

        5. Click OK in the "Map RunAs Roles to users" panel.

        6. Click Save.

        7. If you are using WAS ND, select the Synchronize changes with Nodes check box.

        8. Click Save again to apply the changes to the master configuration.

    5. Open the Configuration Manager.

      1. Select WebSphere Commerce > node_name > Commerce > Instance List > instance > Instance Properties > Security.

      2. Select the Enable Server Level Security check box. Click Yes to all confirmation prompts.

      3. Select Operating System User Registry. Click Yes to all confirmation prompts.

      4. Enter the user ID and Password for the user with the WCSecurityRole that you used in step 4e, substep iii.

      5. Select the Enable Global Security check box.

      6. Enter the Server user ID and password that you use to login to the WAS Administrative Console.

      7. Click Apply.

      8. Close the Configuration Manager.

    6. Restart the WebSphere Application Server administration server. From now on, when you open the WebSphere Application Server Administration Console, it prompts you for the Server user ID and password.

    7. Restart the WCS instance.

  7. In the WebSphere Application Server Administration Console, modify the global security settings:

    1. Log on as a user with administrative authority.

    2. Start the WebSphere Application Server administration server.

    3. Launch the WebSphere Application Server Administration Console.

    4. Click Security and navigate to Secure administration, applications, and infrastructure. Under Available realm definitions, select Local operating system and click Configure.

    5. Enter the administrator ID name and select Server identity that is stored in the repository. Enter an existing ID and password in the repository, referring to the following server ID constraints:

      Field Name Sample Values Notes
      Server user ID wcsuser

      • The user ID should have *SECOFR authority.

      • The user ID with operating system administrative privileges that you logged in with. if the machine belongs to a domain, use the fully-qualified user ID. for example: DomainXYZ\user_id. Ensure that this account exists in the domain server and is a member of the Administrator's group.

      Server user password password This is the password belonging to the user with operating system administrative privileges that you logged in with.

      1. Click Apply and then Save.

      2. Navigate back to Secure administration, applications, and infrastructure.

        1. Select Enable administrative security.

        2. Deselect Use Java 2 security to restrict application access to local resources.

        3. Click Apply and then Save.

      3. In the navigation pane, click Enterprise Applications and click the server name, for example WC_demo.

        1. Click Security role to user/group mapping.

        2. Select WCSecurity Role and click Look up users and locate the user whose role to map.

        3. Click OK and then Save.

      4. In the navigation pane, click Enterprise Applications and click the server name, for example WC_demo.

        1. Click User RunAs roles.

        2. Select WCSecurityRole and specify the user name and password.

        3. Click Apply.

        4. Click OK and then Save.

    6. Open the Configuration Manager.

      1. Select WebSphere Commerce > node_name > Commerce > Instance List > instance > Instance Properties > Security.

      2. Select the Enable Server Level Security check box. Click Yes to any confirmation prompts that appear.

      3. Select Operating System User Registry. Click Yes to any confirmation prompts that appear.

      4. Enter the user ID and Password for the user with the WCSecurityRole that you specified above.

      5. Select the Enable Global Security check box.

      6. Enter the Server user ID and password that you use to login to the WAS Administrative Console.

      7. Click Apply.

      8. Close the Configuration Manager.

    7. Restart the WCS instance.


+

Search Tips   |   Advanced Search