The enablement process is divided into two steps. Configuring and enabling global security in the Network Deployment environment differs from a standalone base application server. In the Network Deployment environment,
the configuration is stored temporarily on the Deployment Manager until it gets synced up with all of the Node Agents. Also, the Network Deployment
environment uses LTPA as the authentication mechanism so that credentials can be forwarded among processes securely. LTPA requires the following additional configuration steps:
Configure security so that the right information is provided for global security, which will be propagated to all of the nodes.
Enable security on all nodes. This includes ensuring that the files are synchronized and that the processes all get restarted in the correct order.
After security is enabled in a process, it cannot accept some commands that have required access rights assigned. Therefore, the order of the processes that get restarted is important.
Complete the following steps to configure global security in the WebSphere Application Server Version 5.x and later environment.
Configure the User Registry.
For LocalOS, enter the server's userid and password which will be used to authenticate other users and is given administrative privileges for other WebSphere tasks. See Configuring local operating system user registries for detailed information specific to the iSeries server. Select Apply or OK to save the changes.
For LDAP, enter the server's user ID and password. Ensure that this userid is not the LDAP administrative ID. Enter the LDAP type, host,
port, and base DN. These are the required fields. Configure any other LDAP
properties as necessary including the Advanced LDAP properties. See Configuring Lightweight Directory Access Protocol user registries for detailed information specific to the iSeries server. Select Apply or OK at each panel to save the changes.
For Custom, enter the server's userid and password. Also, enter the class name of the implementation of the custom user registry. This should implement the com.ibm.websphere.security.UserRegistry interface. See Configuring custom user registries for detailed information specific to the iSeries server. Select Apply or OK to save the changes.
Enter a password for generating LTPA keys. Re-enter the password for validation. Select Apply to save the password. Next, press the Generate
Keys button to generate a set of keys for use in encrypting LTPA tokens.
Configure Single Signon (SSO). Click on the link below to go to the Single Signon panel. Make sure it is enabled and enter the domain portion of the servers hostname. This is the austin.ibm.com portion for a server host of machine1.austin.ibm.com. Click Apply or OK to save the changes.
Configure the Global Security panel.
Choose which Active User Registry you want to use based on the one you configured above. Change any other attributes on this panel as desired.
Click on the enable check box to turn ON global security.
Select Apply to validate the changes you've made above.
If there are any problems reported above in the Messages section, try going back through the configuration to see if there is something that was missed.
Verify that the server ID used for the user registry is valid.
Do not shut down the Deployment Manager or Node Agents yet.
Go to "Steps to enable global security in ND" for the correct procedure for allowing this configuration to propagate to all of the nodes in the right sequence.
Select Save to write the changes out to the repository.