WebSphere Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

Configure a database user registry

 


Choose this option to use a database user registry configuration for authentication. This option also enables WebSphere Application Server global security and deploys portlets if you installed WebSphere Portal Express without configuring it.

Do not use this procedure if you plan to use a custom user registry or an LDAP user registry with realm support for authentication.

  1. Disable WebSphere Application Server global security.

  2. Go to...

    Windows and Linux: portal_server_root/config
    i5/OS: portal_server_root_user/config

  3. Edit...

    • wpconfig.properties
    • wpconfig_dbdomain.properties

    Enter the values appropriate for your environment.

    Before running the configuration task, enter the required passwords. After the task has run, delete all passwords from the wpconfig.properties and wpconfig_dbdomain.properties files; these files store them in clear text.

    Alternatively, you can specify each password on the command line using the following syntax, so that it never has to be written to the files. Note that command-line arguments are visible to other users of the host in the process list while the task runs, and may be recorded in the shell history:

    • Linux:

      WPSconfig.sh task_name -Dpassword_property_key=password_value

    • Windows:

      WPSconfig.bat task_name -Dpassword_property_key=password_value

    • i5/OS:

      WPSconfig.sh -profileName profile_root task_name -Dpassword_property_key=password_value

    As with other properties, each password property must have the -D prefix and be set equal to (=) a value. If you have multiple properties in a single command, use a space character between each -Dproperty=value setting.

    Note the following:

    • Do not change any settings other than those specified in these steps.

      For a complete properties reference, including default values, see Configuration properties reference.

    • Some values are placeholders that you must replace with values for your environment.

    • Use / instead of \ for all platforms.

    • You can also modify the wpconfig.properties and wpconfig_dbdomain.properties files locally on your i5/OS system by entering the following on an OS/400 command line:

      EDTF 'portal_server_root_user/config/wpconfig.properties'

     

    WebSphere Application Server properties

    LTPAPassword

    The password that protects the LTPA keys used to sign and encrypt single signon (SSO) tokens.

    Type: Alphanumeric text string

    Default: none

    WasUserid

    The user ID for WebSphere Application Server security authentication. For an LDAP configuration this should be the fully qualified distinguished name (DN) of a current administrative user for the WebSphere Application Server.

    For a configuration using the Member Manager User Registry database, the short version of the distinguished name (the short ID) must be used.

    Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN). If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.

    For LDAP configuration this value should not contain spaces.

    Type: Alphanumeric text string

    Example: When using LDAP security:

    • Tivoli Directory Server: uid=wpsbind,cn=users,dc=example,dc=com

    • Lotus Domino: cn=wpsbind,o=example.com

    • Active Directory: cn=wpsbind,cn=users,dc=example,dc=com

    • Active Directory Application Mode: cn=wpsbind,cn=users,dc=example,dc=com

    • Sun Java System Directory Server: uid=wpsbind,ou=people,o=example.com

    • Novell eDirectory: uid=wpsbind,ou=people,o=example.com

    Example: When using Custom User Registry (CUR):

    • CUR: wpsbind

    Default: ReplaceWithYourWASUserID

    WasPassword

    The password for WebSphere Application Server security authentication.

    If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.

    Type: Alphanumeric text string

    Recommended: Set this value according to your environment.

    Default: ReplaceWithYourWASUserPwd

    LTPATimeout

    The number of minutes after which an LTPA token expires.

    Type: Numeric text string

    Default: 120

    SSODomainName

    The domain name for all allowable single signon host domains.

    • Enter the part of the domain that is common to all servers that participate in single signon. For example, if WebSphere Portal Express has the host name portal.us.ibm.com and another server has the host name another_server.ibm.com, enter ibm.com.

    • To specify multiple domains, use a semicolon (;) to separate each domain name. For example, your_co.com;ibm.com.

    Single signon (SSO) is achieved using a cookie that carries the LTPA token and is sent to the browser during authentication. When connecting to other servers in the domain specified in the cookie, the browser sends the cookie along, so every host under that domain can receive the token; make the domain no broader than the participating servers require. If no domain is set in the cookie, the browser sends the cookie only to the issuing server. See the WebSphere Application Server documentation for further details about this setting.

    Type: Fully-qualified domain name

    Default: none

     

    WebSphere Portal Express configuration

    PortalAdminId

    The user ID for the WebSphere Portal Express administrator. For an LDAP configuration this is the fully qualified distinguished name (DN).

    Notes:

    • For LDAP configuration this value should not contain spaces.

    • Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN).

    Type: Alphanumeric text string, conforming to the LDAP distinguished name format

    Examples for LDAP:

    • Tivoli Directory Server: uid=portaladminid,cn=users,dc=example,dc=com

    • Lotus Domino: cn=portaladminid,o=example.com

    • Active Directory and Active Directory Application Mode: cn=portaladminid,cn=users,dc=example,dc=com

    • Sun Java System Directory Server: uid=portaladminid,ou=people,o=example.com

    • Novell eDirectory: uid=portaladminid,ou=people,o=example.com

    Custom User Registry example: uid=portaladminid

    Windows and Linux default: none

    i5/OS default: uid=portaladminid,o=default organization

    PortalAdminPwd

    The password for the WebSphere Portal Express administrator, as defined in the PortalAdminId property.

    Type: Alphanumeric text string

    Example: yourportaladminpwd

    Default: none

    PortalAdminGroupId

    The group ID for the group to which the WebSphere Portal Express administrator belongs.

    Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN).

    Type: Alphanumeric text string, conforming to the LDAP distinguished name format

    Examples for LDAP:

    • Tivoli Directory Server: cn=wpsadmins,cn=groups,dc=example,dc=com

    • Lotus Domino: cn=wpsadmins

    • Active Directory: cn=wpsadmins,cn=groups,dc=example,dc=com

    • Active Directory Application Mode: cn=wpsadmins,cn=groups,dc=example,dc=com

    • Sun Java System Directory Server: cn=wpsadmins,ou=groups,o=example.com

    • Novell eDirectory: cn=wpsadmins,ou=groups,o=example.com

    Custom User Registry example: cn=wpsadmins,o=default organization

    Default: cn=wpsadmins,o=default organization

    WmmDefaultRealm

    The default realm of the Member Manager user registry (UR) configuration. Set this property before enabling security with enable-security-wmmur-ldap or enable-security-wmmur-db.

    Type: Alphanumeric text string

    Default: portal

     

    Section of the wpconfig_dbdomain.properties file: Database configuration

    wmm.DbUser

    The user ID for the database administrator.

    Notes:

    • For SQL Server and non-wmm databases only, unless you are the system administrator, the values for dbdomain.DbUser and dbdomain.DbSchema must be the same.

    • For Oracle and SQL Server, if the user you are using is an administrative user that has authority over the FEEDBACK schema, the administrative user should be entered for the dbdomain.DbUser property.

    • For Oracle only: For non-feedback domains, DbSchema and DbUser MUST be the same. For Feedback domains, the default schema name is FEEDBACK. If the value is set to something other than FEEDBACK, you also have to set the schemaName property in...

      <wps_home>/shared/app/config/services/FeedbackService.properties

      ...to the new schema.

    Type: Alphanumeric text string

    Default for all domains: wpdb2ins ReplacewithyourDBAdminUser

    Recommended:

    • Release: releaseusr
    • Community: communityusr
    • Customization: customizationusr
    • JCR: icmadmin
    • WMM: wmmdbusr
    • Feedback: feedback
    • LikeMinds: lmdbusr

    wmm.DbPassword

    The password for the database administrator.

    A value must be set for this property; it cannot be empty.

    Type: Alphanumeric text string

    Default for all domains: ReplaceWithYourDbAdminPwd

  4. Save the wpconfig.properties and wpconfig_dbdomain.properties files.

  5. Use the following steps to stop the WebSphere Portal Express application server:

    1. Open a command prompt and change to the following directory:

    2. Enter the following command:

      • Linux:

        ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password

      • Windows:

        stopServer.bat WebSphere_Portal -user admin_userid -password admin_password

      • i5/OS:

        stopServer.sh WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password

  6. Change to the following directory:

  7. Follow these steps if you are running this task on a node that is already federated and have not previously used this step to copy Member Manager files to the deployment manager machine:

    1. Create the wasextarchive.jar file, which contains the Member Manager binaries.

      • Windows and Linux:

        Run the following command from the portal_server_root/config directory on the WebSphere Portal Express node:

        • Linux:

          ./WPSconfig.sh archive-was-ext

        • Windows:

          WPSconfig.bat archive-was-ext

      • i5/OS:

        Run the following command from the portal_server_root_user/config directory on the WebSphere Portal Express node:

        WPSconfig.sh -profileName profile_root archive-was-ext

    2. Copy the wasextarchive.jar file to the installation root folder of the deployment manager machine.

      The wasextarchive.jar file is located in the following directory:

    3. Stop the deployment manager by issuing the following command from the app_server_root/bin directory on the deployment manager machine:

      • Linux:

        ./stopManager.sh

      • Windows:

        stopManager.bat

      • i5/OS:

        stopManager -profileName dmgr_profile

    4. Extract the contents of the wasextarchive.jar file to the app_server_root directory on the deployment manager machine.

      • Windows and Linux:

        Run the following command from the app_server_root directory:

        • Linux:

          ./java/bin/jar -xvf wasextarchive.jar

        • Windows:

          java\bin\jar -xvf wasextarchive.jar

      • i5/OS:

        Run...

        cd app_server_root
        /QIBM/ProdData/Java400/jdk14/bin/jar -xvf wasextarchive.jar

    5. Verify that the app_server_root/lib directory contains files that start with wmm.

    6. Restart the deployment manager by issuing the following command from the app_server_root/bin directory:

      • Linux:

        ./startManager.sh

      • Windows:

        startManager.bat

      • i5/OS:

        startManager -profileName dmgr_profile

    If you want to log in to the deployment manager administrative console using the WebSphere Application Server short ID, complete the following steps on the deployment manager machine.

    If you want to give all nodes in the cell access to the Member Manager database, the following steps must be performed on each non-portal node.

    While access to the database is not required in all setups, it is recommended to perform these steps in all cases because some configuration changes may require the use of the database:

    1. Ensure that the database software required for the Member Manager domain is installed. The software is installed locally on the non-portal node.

      If you are using DB2 Type 2 drivers, catalog the Member Manager User Registry database on the non-portal node.

    2. Skip this step if access is being set up on non-portal nodes. Create a connection for the deployment manager to the Member Manager database.

      • First establish a unique datasource name for the database by setting the following property in the wpconfig_dbdomain.properties file:

        wmm.DataSourceName=wmmdbDS

      • Create the connection by running the following command on the cluster's primary node, from the portal_server_root/config directory, or for i5/OS, from the portal_server_root_user/config directory:

        • Windows:

          WPSconfig.bat connect-database-wmm

        • Linux:

          ./WPSconfig.sh connect-database-wmm

        • i5/OS:

          WPSconfig.sh -profileName profile_root connect-database-wmm -DWasPassword=password

    3. Log in to the deployment manager administrative console, and click Resources > JDBC Providers. View the resources at Cell scope by verifying the Node and Server fields are empty and click Apply.

    4. Click on the JDBC provider that contains the Member Manager data source.

    5. In the Classpath field, note the name of the environment variable specified. For example,...

      ${DB2_JDBC_DRIVER_CLASSPATH}

    6. Select...

      Environment | WebSphere Variables

      ...in the navigation tree.

    7. Select either the deployment manager or the non-portal node to filter the list of variables. Select Browse Nodes, then select either the deployment manager Node or the non-portal Node, and then click Apply.

    8. Click New.

    9. Enter the name of the variable previously specified by the JDBC provider, for example DB2_JDBC_DRIVER_CLASSPATH.

    10. In the Value field, enter the directory and name of the ZIP or JAR file that contains the JDBC driver class. For example: db2_install/java/db2java.zip.

    11. Save your changes to the deployment manager configuration.

  8. Perform this step only if you are in a clustered environment:

    If you enabled security using the database user registry, the Member Manager data source definitions are created automatically at the deployment manager cell scope.

    All nodes need to define a WebSphere environment variable for the JDBC class path.

    The nodes which have WebSphere Portal Express installed already have this WebSphere environment variable defined. Refer to the section on creating a WebSphere environment variable in the WebSphere Application Server information center for information on how to create the variable definitions manually. When defining the variable, ensure that its name matches the DBTYPE_JDBC_DRIVER_CLASSPATH name referenced by the JDBC provider, for example DB2_JDBC_DRIVER_CLASSPATH.

  9. Enter the appropriate command to run the configuration task:

    If this is a cluster environment, stop all cluster members before enabling security using the enable-security-wmmur-db task.

    • Linux:

      ./WPSconfig.sh enable-security-wmmur-db -DLTPAPassword=password -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password

    • Windows:

      WPSconfig.bat enable-security-wmmur-db -DLTPAPassword=password -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password

    • i5/OS:

      cd UserData
      WPSconfig.sh -profileName profile_root enable-security-wmmur-db -DLTPAPassword=password -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password

    The -D keys are the property names from wpconfig.properties and wpconfig_dbdomain.properties (PortalAdminPwd is the portal administrator password property); a value given with -D takes precedence over the value in the file and is not written to it.

    When security is configured with a database repository, you can log in to WebSphere Portal Express and to the WebSphere Application Server administrative console only with the short ID: for the portal administrator, the ID specified under PortalAdminId in wpconfig.properties; for the WebSphere Application Server administrative user, the ID specified under WasUserid.

    Check the output for any error messages before proceeding with any additional tasks.

    If the configuration task fails, verify the values in the wpconfig.properties file.

  10. In order to make security active, restart server1 and any other servers where WebSphere Portal Express is not installed.

    1. Open a command prompt and change to the following directory:

    2. Enter the following commands to stop and start server1 and start WebSphere_Portal, if necessary.

      1. Enter the following command:

        • Linux:

          ./stopServer.sh server1 -user admin_userid -password admin_password

        • Windows:

          stopServer.bat server1 -user admin_userid -password admin_password

        • i5/OS:

          stopServer.sh server1 -profileName profile_root -user admin_userid -password admin_password

        server1 is the name of your WebSphere Application Server administrative server.

      2. Enter the following command:

        • Linux:

          ./startServer.sh server1

        • Windows:

          startServer.bat server1

        • i5/OS:

          startServer.sh server1 -profileName profile_root

        server1 is the name of your WebSphere Application Server administrative server.

      3. Enter the following command:

        • Linux:

          ./startServer.sh WebSphere_Portal

        • Windows:

          startServer.bat WebSphere_Portal

        • i5/OS:

          startServer.sh WebSphere_Portal -profileName profile_root
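
The checks and clean-up the procedure above calls for, as an added example in POSIX shell. This is not IBM's code and does not ship with WebSphere Portal Express. It assumes the properties files are plain key=value lines, that WPSconfig is run from the config directory as in step 9, and that the passwords are supplied through the environment variables LTPA_PASSWORD, WAS_PASSWORD, PORTAL_ADMIN_PASSWORD and WMM_DB_PASSWORD (names chosen for this example). The -D keys it emits are the property names from the tables in step 3 (PortalAdminPwd for the portal administrator password), and the sample property files are constructed for the example. The script validates the constraints the tables state (WasUserid and WasPassword both set or both blank, IDs in lower case, numeric LTPATimeout, non-empty wmm.DbPassword, no backslashes, an SSODomainName that is a real shared domain rather than a bare top-level label), builds the enable-security-wmmur-db command line with the passwords passed as -D arguments instead of being written to the files, and afterwards blanks any password properties left in the files and verifies that none remain.

```shell
#!/bin/sh
# Added example, not IBM code: pre-flight checks for the wpconfig property
# constraints in step 3, the enable-security-wmmur-db command line with passwords
# passed as -D arguments, and a scrub that blanks password properties afterwards.
PASSWORD_KEYS="LTPAPassword WasPassword PortalAdminPwd wmm.DbPassword"
# Print the value of KEY in FILE (last definition wins, empty when absent).
prop_get() {   # FILE KEY
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}
# A blank value or the shipped ReplaceWithYour... placeholder counts as not set.
is_set() {
    case "$1" in ''|ReplaceWith*|Replacewith*) return 1 ;; *) return 0 ;; esac
}
# WasUserid and WasPassword must both be set or both be blank.
check_was_credentials() {   # FILE
    wu=$(prop_get "$1" WasUserid); wp=$(prop_get "$1" WasPassword)
    if is_set "$wu"; then is_set "$wp"; else ! is_set "$wp"; fi
}
# IDs are typed in lower case regardless of the case used in the DN.
check_lowercase() {   # FILE KEY
    lv=$(prop_get "$1" "$2")
    [ "$lv" = "$(printf '%s' "$lv" | tr '[:upper:]' '[:lower:]')" ]
}
# LTPATimeout is a number of minutes.
check_ltpa_timeout() {   # FILE
    case "$(prop_get "$1" LTPATimeout)" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}
# wmm.DbPassword cannot be empty, and the placeholder does not count.
check_db_password() { is_set "$(prop_get "$1" wmm.DbPassword)"; }   # DBDOMAIN_FILE
# Use / instead of \ in every value, on all platforms.
check_no_backslashes() { ! grep -q '\\' "$1"; }   # FILE
# Each semicolon-separated SSODomainName entry must be a shared domain (label.label...),
# never a bare label such as "com": the LTPA cookie goes to every host under it.
check_sso_domain() {   # FILE
    sd=$(prop_get "$1" SSODomainName)
    [ -n "$sd" ] || return 0
    printf '%s\n' "$sd" | tr ';' '\n' |
        awk '$0 !~ /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/ { bad = 1 } END { exit bad }'
}
preflight() {   # WPCONFIG_FILE DBDOMAIN_FILE -> 0 only when every check passes
    check_was_credentials "$1" && check_lowercase "$1" WasUserid &&
    check_lowercase "$1" PortalAdminId && check_lowercase "$1" PortalAdminGroupId &&
    check_ltpa_timeout "$1" && check_sso_domain "$1" &&
    check_no_backslashes "$1" && check_no_backslashes "$2" && check_db_password "$2"
}
# Command line for PLATFORM (linux, windows, or i5os with PROFILE_ROOT). Passwords
# come from the environment; the -D keys are the property names from step 3.
enable_security_cmd() {   # PLATFORM [PROFILE_ROOT]
    case "$1" in
        windows) base="WPSconfig.bat enable-security-wmmur-db" ;;
        i5os)    base="WPSconfig.sh -profileName $2 enable-security-wmmur-db" ;;
        *)       base="./WPSconfig.sh enable-security-wmmur-db" ;;
    esac
    printf '%s -DLTPAPassword=%s -DWasPassword=%s -DPortalAdminPwd=%s -Dwmm.DbPassword=%s\n' \
        "$base" "$LTPA_PASSWORD" "$WAS_PASSWORD" "$PORTAL_ADMIN_PASSWORD" "$WMM_DB_PASSWORD"
}
# Blank every password property in the given files, keeping file permissions.
scrub_passwords() {   # FILE...
    for f in "$@"; do
        for k in $PASSWORD_KEYS; do
            sed "s/^$k=.*/$k=/" "$f" > "$f.scrub" && cat "$f.scrub" > "$f"
        done
        rm -f "$f.scrub"
    done
}
# 0 when no password property in the given files still carries a value.
no_cleartext_passwords() {   # FILE...
    for f in "$@"; do
        for k in $PASSWORD_KEYS; do
            [ -z "$(prop_get "$f" "$k")" ] || return 1
        done
    done
    return 0
}

# --- Demo on constructed sample files (not from a real installation) --------
WORK=$(mktemp -d)
cat > "$WORK/wpconfig.properties" <<'EOF'
WasUserid=wpsadmin
WasPassword=was-pw-here
LTPAPassword=ltpa-pw-here
LTPATimeout=120
SSODomainName=your_co.com;ibm.com
PortalAdminId=portaladminid
PortalAdminPwd=portal-pw-here
EOF
printf 'wmm.DbUser=wmmdbusr\nwmm.DbPassword=db-pw-here\n' > "$WORK/wpconfig_dbdomain.properties"
if preflight "$WORK/wpconfig.properties" "$WORK/wpconfig_dbdomain.properties"; then
    echo "pre-flight passed; run the task as:"
    LTPA_PASSWORD=ltpa-pw-here WAS_PASSWORD=was-pw-here \
        PORTAL_ADMIN_PASSWORD=portal-pw-here WMM_DB_PASSWORD=db-pw-here enable_security_cmd linux
    scrub_passwords "$WORK"/*.properties
    no_cleartext_passwords "$WORK"/*.properties && echo "passwords scrubbed from both files"
else
    echo "pre-flight failed; fix the properties before running enable-security-wmmur-db" >&2
fi
rm -rf "$WORK"
```

Run the file as-is to see the demo, or source it into the shell on the portal node to use the functions against the real files in portal_server_root/config. Passwords passed as -D arguments are visible in the process list while the task runs, so run it on a host whose process list is not readable by untrusted users and keep the command out of the shell history (in bash, for example, with HISTCONTROL=ignorespace and a leading space).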

 

Parent topic: Database user registry

Previous topic: Disabling global security

Next topic: Verifying your database user registry