Configure an Application Server security domain

Application Server supports Security Domains that have the flexibility to use different security configurations.

We can configure Application Server to use different security attributes, such as the UserRegistry, for different applications. This example configuration creates a security domain for IBM Security Identity Manager with a stand-alone LDAP user registry.

We can skip the next procedure if either of the following conditions applies.

During IBM Security Identity Manager installation, we can choose to use the existing realm for the application server.

  1. Log on to the administrative console as an administrator.

  2. Go to Security > Security domains. Click New to create a security domain for IBM Security Identity Manager.

  3. Enter a name of our choice in the Name field. Click OK and save the changes.
  4. After the new security domain is created, click the security domain name to configure the security attributes for the domain.

  5. When we click the security domain name, the Security Domain page is shown. We must configure a number of settings. In the Assigned Scopes section, select the Application Server where IBM Security Identity Manager is to be installed.

  6. In the Security Attributes section:
    1. Under Application Security, click Enable application security.
    2. For Java™ 2 Security, accept the default of Disabled, to optimize performance.
    3. Under User Realm, select Standalone LDAP registry and click Configure...

  7. On the Stand-alone LDAP registry page, provide the values specified in the table:

    Field                Description
    -------------------  -----------------------------------------------------------
    Realm name           Any realm name of our choice.
    Type of LDAP server  For this example, IBM Tivoli Directory Server.
    Host                 The IBM Security Directory Server host name or IP address.
    Port                 The LDAP server port for IBM Security Directory Server.
    Base DN              The base DN of the LDAP registry.
    Bind DN              The user DN that is bound to the LDAP registry.
    Bind password        The password of the bind user.

  8. Click Test Connection to ensure that Application Server can communicate with the LDAP registry.
  9. After the connection test is successful, click OK and save the changes.
  10. After the user realm basic security attributes are configured, set the advanced LDAP settings for this user realm.

    1. Click the security domain name.

    2. Click Configure (next to the realm name).

    3. Select the Set Advanced Lightweight Directory Access Protocol (LDAP) user registry setting link on the Stand-alone LDAP registry attribute setting page.

  11. Click OK and save the changes. From the Stand-alone LDAP registry page, click OK and save the changes.

  12. When we save the changes, we are redirected to the domain list page. Select the domain name to continue configuring the remaining security attributes for this domain.

    Review the default settings and change any that apply to your deployment.

  13. Click OK and save the changes.
  14. Restart Application Server.

The Application Server security domain configuration is now complete. We can now install IBM Security Identity Manager.
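
A scripted equivalent of steps 2 through 9, as an added example that is not part of the original page. It assumes the Application Server here is WebSphere Application Server and uses its wsadmin Jython AdminTask commands; the domain, realm, scope, host and DN values, the script name and the LDAP_BIND_PW environment variable are placeholders chosen for illustration. The advanced LDAP settings (step 10) and the restart (step 14) are not covered.

```jython
# Run with: wsadmin -lang jython -f create_isim_domain.py  (hypothetical file name)
from java.lang import System

# Placeholder values (assumptions); replace with the deployment's own.
DOMAIN = "ISIMSecurityDomain"
SCOPE = "Cell=:Node=node01:Server=server1"   # server that will host the application
REALM = "isimRealm"
LDAP_HOST = "ldap.example.com"
LDAP_PORT = "389"
BASE_DN = "dc=example,dc=com"
BIND_DN = "cn=wasbind,dc=example,dc=com"

# Read the bind password from the environment so it is not stored in the script.
bind_pw = System.getenv("LDAP_BIND_PW")
if not bind_pw:
    raise Exception("LDAP_BIND_PW is not set")

# Steps 2-3: create the security domain.
AdminTask.createSecurityDomain(["-securityDomainName", DOMAIN])

# Step 5: assign the domain to the server scope.
AdminTask.mapResourceToSecurityDomain(
    ["-securityDomainName", DOMAIN, "-resourceName", SCOPE])

# Steps 7-9: stand-alone LDAP registry for this domain only.
# -verifyRegistry asks the command to validate the registry settings,
# which plays the role of the console's Test Connection button.
AdminTask.configureAppLDAPUserRegistry([
    "-securityDomainName", DOMAIN,
    "-realmName", REALM,
    "-ldapServerType", "IBM_DIRECTORY_SERVER",
    "-ldapHost", LDAP_HOST,
    "-ldapPort", LDAP_PORT,
    "-baseDN", BASE_DN,
    "-bindDN", BIND_DN,
    "-bindPassword", bind_pw,
    "-verifyRegistry", "true"])

# Step 6: application security on, Java 2 security off, LDAP registry active.
AdminTask.setAppActiveSecuritySettings([
    "-securityDomainName", DOMAIN,
    "-appSecurityEnabled", "true",
    "-enforceJava2Security", "false",
    "-activeUserRegistry", "LDAPUserRegistry"])

AdminConfig.save()

# Print the resulting domain settings so they can be reviewed before the restart.
print(AdminTask.getActiveSecuritySettings(["-securityDomainName", DOMAIN]))
```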
