Add realm support on Linux

 

+

Search Tips   |   Advanced Search

 

A realm is a group of users from one or more user registries that form a coherent group within portal.

A realm must be mapped to a virtual portal to allow the defined users to log in to the virtual portal. When configuring realm support.

Perform the following steps for each base entry that exists in your LDAP and/or database user registry to create multiple realm support.

Before creating realms....

To add realm support to your user registry model:

  1. Edit...

    WP_PROFILE/ConfigEngine/properties/wkplc.properties...

  2. Enter a value for the following required parameters under the VMM realm configuration heading:

    • realmName
    • securityUse
    • delimiter
    • addBaseEntry

  3. Save changes to wkplc.properties.

  4. To add a new realm to the Virtual Member Manager configuration.

    WP_PROFILE/ConfigEngine
    ./ConfigEngine.sh wp-create-realm -DWasPassword=wpsadmin

    To create multiple realms...

    • Ensure the federated repository contains the required unique base entries
    • Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers
    • Update wkplc.properties with the base entry information
    • Rerun the wp-create-realm task

    Repeat these steps until all realms are created.

  5. To propagate the security changes:

    Option Description
    Stand-alone environment cd WP_PROFILE/bin
    ./stopServer.sh server1 -username adminid -password passwd
    ./stopServer.sh WebSphere_Portal -username adminid -password passwd
    ./startServer.sh server1
    ./startServer.sh WebSphere_Portal
    Clustered environment cd dmgr_profile_root\bin
    ./stopManager.sh
    cd WP_PROFILE/bin
    ./stopNode.sh -username adminid -password passwd
    ./stopServer.sh server1 -username adminid -password passwd
    ./stopServer.sh WebSphere_Portal -username adminid -password passwd
    cd dmgr_profile_root\bin
    ./startManager.sh
    cd WP_PROFILE/bin
    ./startNode.sh
    ./startServer.sh server1
    ./startServer.sh WebSphere_Portal

  6. Enter a value for the following required parameters in wkplc.properties under the VMM realm configuration heading and then save your changes:

    • realmName
    • realm.personAccountParent
    • realm.groupParent
    • realm.orgContainerParent

  7. To update the default parents per entity type and realm.

    WP_PROFILE/ConfigEngine
    ./ConfigEngine.sh wp-modify-realm-defaultparents -DWasPassword=wpsadmin

    Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers before rerunning this task for any additional entity types and realms.

  8. To propagate the security changes:

    Option Description
    Stand-alone environment cd WP_PROFILE/bin
    ./stopServer.sh server1 -username adminid -password passwd
    ./stopServer.sh WebSphere_Portal -username adminid -password passwd
    ./startServer.sh server1
    ./startServer.sh WebSphere_Portal
    Clustered environment cd dmgr_profile_root\bin
    ./stopManager.sh
    cd WP_PROFILE/bin
    ./stopNode.sh -username adminid -password passwd
    ./stopServer.sh server1 -username adminid -password passwd
    ./stopServer.sh WebSphere_Portal -username adminid -password passwd
    cd dmgr_profile_root\bin
    ./startManager.sh
    cd WP_PROFILE/bin
    ./startNode.sh
    ./startServer.sh server1
    ./startServer.sh WebSphere_Portal

  9. Optional

    To add additional base entries to the realm configuration. For example if you had two additional base entries (base entry 1 and base entry 2) to add to the realm you just created, you would update wkplc.properties with the information from base entry 1 and then run this task. Then you would update the properties file with the information for base entry 2 and then run this task:

    1. Edit...

      WP_PROFILE/ConfigEngine/properties/wkplc.properties

    2. Enter a value for the following required parameters in the wkplc.properties file under the VMM realm configuration heading:

      • realmName
      • addBaseEntry

    3. Save changes to wkplc.properties.

    4. To add additional LDAP base entries to the realm configuration.

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-add-realm-baseentry -DWasPassword=wpsadmin

    5. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers.

  10. To replace the WAS and WebSphere Portal administrator user ID; this step is required if you change the default realm:

    1. Create a new user in the Manage Users and Groups portlet to replace the current WAS administrative user.

    2. Create a new user in the Manage Users and Groups portlet to replace the current WebSphere Portal administrative user.

    3. Create a new group in the Manage Users and Groups portlet to replace the current group.

    4. Run...

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-change-was-admin-user -DnewAdminId=newadminid –DnewAdminPw=newpassword

      ...directory, to replace the old WAS administrative user with the new user.

      This task verifies the user against a running server instance. If the server is stopped, add...

      -Dskip.ldap.validation=true

      ...to the task to skip the validation.

    5. Verify that the task completed successfully. In a clustered environment, restart the deployment manager, the node agent(s), server1, and WebSphere_Portal servers. In a stand-alone environment, restart the server1 and WebSphere_Portal servers.

    6. To replace the old WebSphere Portal administrative user with the new user.

      ./ConfigEngine.sh wp-change-portal-admin-user -DnewAdminId=newadminid –DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroup
      This task verifies the user against a running LDAP server instance when LDAP security is enabled. If the LDAP server is stopped, add the -Dskip.ldap.validation=true parameter to the task to skip the validation.

    7. Verify that the task completed successfully. In a clustered environment, restart the deployment manager, the node agent(s), server1, and WebSphere_Portal servers. In a stand-alone environment, restart the server1 and WebSphere_Portal servers.

  11. Optional

    To set the realm you created as the default realm:

    1. Edit...

      WP_PROFILE/ConfigEngine/properties/wkplc.properties

    2. For defaultRealmName, type the realmName property value you want to use as the default realm.

    3. Save changes to the wkplc.properties file.

    4. To set this realm as the default realm...

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-default-realm -DWasPassword=wpsadmin

    5. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers.

  12. Optional

    To query a realm for a list of its base entries:

    1. Edit wkplc.properties

      WP_PROFILE/ConfigEngine/properties.

    2. For realmName, type the name of the realm you want to query.

    3. Save changes to the wkplc.properties file.

    4. To list the base entries for a specific realm.

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-query-realm-baseentry -DWasPassword=wpsadmin

  13. Optional

    To enable the full distinguished name login if the short names are not unique for the realm:

    1. Edit...

      WP_PROFILE/ConfigEngine/properties/wkplc.properties

    2. Enter a value for realmName or leave blank to update the default realm.

    3. Save changes to wkplc.properties.

    4. To enable the distinguished name login...

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=wpsadmin

    5. Stop and restart the deployment manager, the node agent(s), server1, and the WebSphere_Portal servers.

 

Parent topic

Configure the default federated repository on Linux