Add realm support on AIX

 


 

A realm is a group of users from one or more user registries that form a coherent group within IBM WebSphere Portal. Realms allow flexible user management with various configuration options.

A realm must be mapped to a Virtual Portal to allow the defined users to log in to the Virtual Portal. When configuring realm support, you can repeat these steps for each base entry that exists in your LDAP and/or database user registry to support multiple realms.

Before configuring realm support, add to the federated repository all LDAP user registries and/or database user registries that you will use to create a single realm or multiple realms.

If you are going to create multiple realms, create all required base entries within your LDAP user registries and/or database user registries.

All base entry names must be unique within the federated repository.

Ensure that the server1 and WebSphere_Portal servers are started before starting this task.

Perform the following steps to add realm support to your user registry model:

  1. Edit wkplc.properties located in WP_PROFILE/ConfigEngine/properties.

  2. Enter a value for the following required parameters in the wkplc.properties file under the VMM realm configuration heading:

    • realmName
    • securityUse
    • delimiter
    • addBaseEntry

  3. Save changes to the wkplc.properties file.

  4. Run the following task from the WP_PROFILE/ConfigEngine directory to add a new realm to the Virtual Member Manager configuration:

    ./ConfigEngine.sh wp-create-realm -DWasPassword=wpsadmin

    To create multiple realms, ensure that your federated repository contains the required unique base entries. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers, and then update the wkplc.properties file with the base entry information and rerun the wp-create-realm task. Repeat these steps until all realms are created.

  5. To propagate the security changes:

    Stand-alone environment:

      cd WP_PROFILE/bin
      ./stopServer.sh server1 -username adminid -password passwd
      ./stopServer.sh WebSphere_Portal -username adminid -password passwd
      ./startServer.sh server1
      ./startServer.sh WebSphere_Portal

    Clustered environment:

      cd dmgr_profile_root/bin
      ./stopManager.sh
      cd WP_PROFILE/bin
      ./stopNode.sh -username adminid -password passwd
      ./stopServer.sh server1 -username adminid -password passwd
      ./stopServer.sh WebSphere_Portal -username adminid -password passwd
      cd dmgr_profile_root/bin
      ./startManager.sh
      cd WP_PROFILE/bin
      ./startNode.sh
      ./startServer.sh server1
      ./startServer.sh WebSphere_Portal

  6. Enter a value for the following required parameters in the wkplc.properties file under the VMM realm configuration heading and then save your changes:

    • realmName

    • realm.personAccountParent

    • realm.groupParent

    • realm.orgContainerParent

  7. Run the following task from the WP_PROFILE/ConfigEngine directory to update the default parents per entity type and realm:

    ./ConfigEngine.sh wp-modify-realm-defaultparents -DWasPassword=wpsadmin

    Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers before rerunning this task for any additional entity types and realms.

  8. To propagate the security changes:

    Stand-alone environment:

      cd WP_PROFILE/bin
      ./stopServer.sh server1 -username adminid -password passwd
      ./stopServer.sh WebSphere_Portal -username adminid -password passwd
      ./startServer.sh server1
      ./startServer.sh WebSphere_Portal

    Clustered environment:

      cd dmgr_profile_root/bin
      ./stopManager.sh
      cd WP_PROFILE/bin
      ./stopNode.sh -username adminid -password passwd
      ./stopServer.sh server1 -username adminid -password passwd
      ./stopServer.sh WebSphere_Portal -username adminid -password passwd
      cd dmgr_profile_root/bin
      ./startManager.sh
      cd WP_PROFILE/bin
      ./startNode.sh
      ./startServer.sh server1
      ./startServer.sh WebSphere_Portal

  9. Optional

    To add additional base entries to the realm configuration, perform the following steps. For example, if you had two additional base entries (base entry 1 and base entry 2) to add to the realm you just created, you would update the wkplc.properties file with the information from base entry 1 and then run this task. Then you would update the properties file with the information for base entry 2 and then run this task:

    1. Edit wkplc.properties located in WP_PROFILE/ConfigEngine/properties.

    2. Enter a value for the following required parameters in the wkplc.properties file under the VMM realm configuration heading:

      • realmName

      • addBaseEntry

    3. Save changes to the wkplc.properties file.

    4. Run the following task from the WP_PROFILE/ConfigEngine directory to add additional LDAP base entries to the realm configuration:

      ./ConfigEngine.sh wp-add-realm-baseentry -DWasPassword=wpsadmin

    5. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers.

  10. To replace the WAS and WebSphere Portal administrator user ID (this step is required if you change the default realm):

    1. Create a new user in the Manage Users and Groups portlet to replace the current WAS administrative user.

    2. Create a new user in the Manage Users and Groups portlet to replace the current WebSphere Portal administrative user.

    3. Create a new group in the Manage Users and Groups portlet to replace the current group.

    4. Run the following task from the WP_PROFILE/ConfigEngine directory to replace the old WAS administrative user with the new user:

      ./ConfigEngine.sh wp-change-was-admin-user -DnewAdminId=newadminid -DnewAdminPw=newpassword

      This task verifies the user against a running server instance. If the server is stopped, add the -Dskip.ldap.validation=true parameter to the task to skip the validation.

    5. Verify that the task completed successfully. In a clustered environment, restart the deployment manager, the node agent(s), server1, and WebSphere_Portal servers. In a stand-alone environment, restart the server1 and WebSphere_Portal servers.

    6. Run the following task to replace the old WebSphere Portal administrative user with the new user:

      ./ConfigEngine.sh wp-change-portal-admin-user -DnewAdminId=newadminid -DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroup

      This task verifies the user against a running LDAP server instance when LDAP security is enabled. If the LDAP server is stopped, add the -Dskip.ldap.validation=true parameter to the task to skip the validation.

    7. Verify that the task completed successfully. In a clustered environment, restart the deployment manager, the node agent(s), server1, and WebSphere_Portal servers. In a stand-alone environment, restart the server1 and WebSphere_Portal servers.

  11. Optional

    To set the realm you created as the default realm:

    1. Edit wkplc.properties located in WP_PROFILE/ConfigEngine/properties.

    2. For defaultRealmName, type the realmName property value you want to use as the default realm.

    3. Save changes to the wkplc.properties file.

    4. Run the following task from the WP_PROFILE/ConfigEngine directory to set this realm as the default realm:

      ./ConfigEngine.sh wp-default-realm -DWasPassword=wpsadmin

    5. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers.

  12. Optional

    To query a realm for a list of its base entries:

    1. Edit wkplc.properties located in WP_PROFILE/ConfigEngine/properties.

    2. For realmName, type the name of the realm you want to query.

    3. Save changes to the wkplc.properties file.

    4. Run the following task from the WP_PROFILE/ConfigEngine directory to list the base entries for a specific realm:

      ./ConfigEngine.sh wp-query-realm-baseentry -DWasPassword=wpsadmin

  13. Optional

    To enable the full distinguished name login if the short names are not unique for the realm:

    1. Edit wkplc.properties located in WP_PROFILE/ConfigEngine/properties.

    2. Enter a value for realmName or leave blank to update the default realm.

    3. Save changes to the wkplc.properties file.

    4. Run the following task from the WP_PROFILE/ConfigEngine directory to enable the distinguished name login:

      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=wpsadmin

    5. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers.
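A pre-flight check for the procedure above, as an added example that is not part of the IBM documentation: it confirms that the parameters each ConfigEngine task reads from wkplc.properties are set before the task is run. The function names and the sample values (exampleRealm, o=example and so on) are constructed for illustration, and only plain key=value lines are parsed.

```shell
# Added example (not IBM code): check wkplc.properties before a realm task.
# prop_value FILE KEY: print the effective value (the last definition wins).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }   # skip comment lines
        {
            sep = index($0, "="); if (sep == 0) next
            k = substr($0, 1, sep - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            val = substr($0, sep + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        END { print val }' "$1"
}

# required_props TASK: parameters this page has you set before each task.
required_props() {
    case "$1" in
        wp-create-realm) echo "realmName securityUse delimiter addBaseEntry" ;;
        wp-modify-realm-defaultparents)
            echo "realmName realm.personAccountParent realm.groupParent realm.orgContainerParent" ;;
        wp-add-realm-baseentry) echo "realmName addBaseEntry" ;;
        wp-default-realm) echo "defaultRealmName" ;;
        wp-query-realm-baseentry) echo "realmName" ;;
        *) return 1 ;;
    esac
}

# missing_props TASK FILE: print unset or empty keys; status 0 if none.
missing_props() {
    keys=$(required_props "$1") || { echo "unknown task: $1" >&2; return 2; }
    missing=""
    for k in $keys; do
        [ -n "$(prop_value "$2" "$k")" ] || missing="$missing $k"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample: realmName is redefined and delimiter is left empty.
write_sample() {
    printf '%s\n' '# VMM realm configuration' 'realmName=oldRealm' \
        'realmName = exampleRealm' 'securityUse=active' 'delimiter=' \
        'addBaseEntry=o=example' > "$1"
}

sample=$(mktemp "${TMPDIR:-/tmp}/wkplc.XXXXXX")
write_sample "$sample"
if m=$(missing_props wp-create-realm "$sample"); then echo "ready"
else echo "wp-create-realm: set these first: $m"; fi
rm -f "$sample"
```

Because base entries are distinguished names, the parser splits on the first `=` only, so a value such as `o=example` is read whole.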

 
