Portal security with a Member Manager database
Overview
Follow these steps for a Member Manager database-only configuration in WAS. This procedure enables WAS Global Security and manually deploys portlets. Perform this procedure only if you will use a Member Manager database-only configuration for authentication. Do not use this procedure if you plan to use a...
- Custom user registry that you created.
- LDAP + Lookaside configuration.
- LDAP directory for authentication.
Procedure
- Disable WAS Global Security
- Make a backup copy of...
/qibm/userdata/webas5/base/<instance>/portalserver5/config/wpconfig.properties- Edit...
/qibm/userdata/webas5/base/<instance>/portalserver5/config/wpconfig.propertiesDo not change any settings other than those specified in these steps.
You can modify wpconfig.properties locally on an iSeries system by using...
EDTF '/qibm/userdata/webas5/base/<instance>/portalserver5/config/wpconfig.propertiesModify parameters...
Section Property Value WAS properties LTPAPassword
Description: Password to encrypt and decrypt the LTPA keys. Recommended: None Default: None WasUserid
Description: User ID for WAS security authentication. Must not contain any suffixes in the custom user registry case. Recommended: wpsbind CUR value: wpsbind WasPassword
Description: Password for WAS security authentication. Recommended: None Default: None LTPATimeout
Description: Time out for the LTPA bind Recommended: 120 Default: 120 WebSphere Portal configuration PortalAdminId
Description: User ID of the Portal administrator. Must not contain any suffixes in the custom user registry case. Recommended: uid=<portaladminid> o=default organization Default: None PortalAdminIdShort
Description: The short form of the user ID for the Portal administrator, as defined in the PortalAdminId property. Recommended: portaladminid Default: None PortalAdminPwd
Description: Password for the Portal administrator (PortalAdminId). Recommended: None Default: None PortalAdminGroupId
Description: The group ID for the group to which the Portal administrator belongs. Recommended: cn=<portaladmingroupid>,o=default organization Default: None PortalAdminGroupIdShort
Description: The short form of the group ID for the Portal administrator, as defined in the PortalAdminGroupId property. Recommended: portaladmingroupid Default: None Custom User Registry configuration properties CUClassName
Description: Specifies a dot-separated class name that implements the com.ibm.websphere.security.UserRegistry interface (should be in the class path). Recommended: com.ibm.websphere.wmm.registry.WMMCustomRegistry Default: com.ibm.websphere.wmm.registry.WMMCustomRegistry Database configuration Dbuser
Description: User ID for the database administrator. Value Type: Alphanumeric text string Default Value: ReplaceWithYourDbAdminId
DbPassword
Description: Password for the database administrator. Value Type: Alphanumeric text string Default Value: ReplaceWithYourDbAdminPwd WmmDbUser
Description: User ID for the database administrator. Value Type: Alphanumeric text string Default Value: ReplaceWithYourDbAdminId If you are migrating from a previous version of WebSphere Portal, this value must match the database user name for the WebSphere Member Services database from the previous WebSphere Portal version.
WmmDbPassword
Description: Password for the database administrator. Value Type: Alphanumeric text string Default Value: ReplaceWithYourDbAdminPwd
- Save the file.
- Start the Qshell Interpreter by entering the following on an OS/400 command line:
STRQSH- Change to the directory...
/qibm/userdata/webas5/base/<instance>/portalserver5/config- Enter the following command to run the configuration task:
WPSconfig.sh enable-security-curCheck the output for any error messages before proceeding with any additional tasks. If the configuration task fails, verify the values in the wpconfig.properties file. Before running the task again, be sure to stop the WebSphere Portal Application Server by entering the following command from the...
/qibm/proddata/webas5/pme/bin...directory and specify the WAS user ID and password (as defined by the WasUserid and WasPassword properties):
stopServer -instance <instance> <app_server> -user was_userid -password was_passwordIf you stop the WAS, be sure to restart it before continuing:
startServer -instance <instance> <app_server>
Verifying configuration
- Open a Web browser and enter the portal page URL:
http://<hostname.yourco.com >:<port_number>/wps/portal
...where hostname.yourco.com is the fully qualified host name of the machine where WebSphere Portal is running and port_number is the transport port that is created by WAS.
This value is also stored in the WpsHostPort property in...
/qibm/userdata/webas5/base/<instance>/portalserver5/config/wpconfig.propertiesFor example,...
http://www.ibm.com:9081/wps/portalIf you have customized the portal page URL, for example by modifying the base URI portion of the default URL (wps) or the portal page (portal), be sure to enter the customized URL.
- The portal should load in the browser.
If you get an Internal Server Error, WAS might not have completely started yet. Wait a couple of minutes to ensure that WAS has completely started and try to access the portal page again.
- Verify that you are still able to log in as the portal administrator now that security is enabled. Click Log in, then enter the administrative user ID and password. Click Log in again.
See also