Configure global security

It is helpful to understand security from an infrastructure standpoint so that you know the advantages of different authentication mechanisms, user registries, authentication protocols, and so on. Picking the right security components to meet your needs is a part of configuring global security. For more information, see Global security.

When you understand the security components, you can proceed to configure global security in WebSphere Application Server.

Perform these steps:

  1. Start the WebSphere Application Server administrative console.
    If security is currently disabled, log in with any user ID. If security is currently enabled, log in with a predefined administrative ID and password (this is typically the server user ID specified when you configured the user registry).

    In the left navigation menu of the administrative console, click Security.

  2. Configure a user registry.
    WebSphere security requires a user registry, which is used to authenticate users to protected resources.

  3. Configure the authentication mechanism.
    Configure the mechanism that WebSphere Application Server uses to authenticate users.

  4. (Optional) Configure single signon.
    If you configured LTPA as your authentication mechanism and your applications contain form-based login, you may want to configure single signon.

  5. (Optional) Configure a trust association interceptor.
    If you are using a third-party reverse-proxy server (such as WebSEAL) in your topology, see this topic for more information.

  6. (Optional) Change the default SSL keystore and truststore files.
    WebSphere Application Server ships with default SSL keystore and truststore files that should not be used in a production environment, although they can be used in test environments. See this topic for more information.

  7. (Optional) Configure the authentication protocol.
    If you are using application clients or have a multiple-server environment, configure the authentication protocol for your environment.

  8. (Optional) Configure authorization security for the embedded WebSphere JMS provider.
    If you are using WebSphere JMS, see this topic for information about controlling access to JMS resources.

  9. Enable global security.
    After you have completed configuring your security settings, enable global security.