Enable WebSphere Application Server security for WebSphere Portal

 


 


Overview

After you have installed WebSphere Portal, configure security for the portal. Enabling security provides additional access control and allows you to take advantage of single signon (SSO). This section focuses on manual configuration of WebSphere Portal security. Manual configuration is recommended for advanced users or those with special security requirements. The following security configurations are possible:

You might want to use a database user registry or a custom user registry if:

  • You do not have an LDAP server.

  • You need the user registry solely for the portal. In this case, you store all user data in the database user registry.

  • You have an existing custom user registry that does not offer an LDAP interface. In this case, you use the database user registry and plug in an adapter to your custom user registry.

  • You need realm support for a Virtual Portal.

You might want to use an LDAP with realm support configuration or a custom user registry if:

  • You have an existing LDAP user registry.

  • You need realm support for a Virtual Portal.

You might want to use an LDAP user registry if:

Database connections do not offer a standard mechanism for securing the transport layer. Use IPSec between the portal machine and the database machine. You cannot use the Secure Sockets Layer (SSL) protocol to encrypt connections between WebSphere Portal and the custom user registry. On custom user registry connections, passwords travel only in hashed form, never in the clear; this protects the password itself, not the rest of the traffic, which remains unencrypted.

 

Users and groups not moved to new registry after running enable-security-xxx tasks

The enable-security-xxx tasks do not move users and groups from one registry to another. For example, running the enable-security-ldap task does not move users and groups from the Cloudscape database to an LDAP user registry.

Solution: Manually move users and groups to the final user registry as soon as possible after installation. If you use an LDAP user registry or a customer-supplied custom user registry, use registry-specific tools to re-create the users and groups. If you use a database user registry configuration (an IBM-supplied custom user registry), create your users and groups after running the enable-security-xxx task.

 

Security considerations for the WebSphere Portal database during an LDAP transfer

It is recommended that you enable security before adding documents to the Content repository. If documents already exist in this repository, unlock all Document Manager and Personalization documents before enabling security. Documents in these applications that are locked by users who are not transferred to the new LDAP repository cannot be unlocked. In addition to remaining locked, those documents might not be removable.

Note that Document Manager and Personalization user fields such as the author and last modifier will be unrecoverable if they were set to users who did not transfer to the new LDAP repository.
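A pre-transfer check for the two problems described above, as an added example that is not IBM tooling or part of the original page: it compares the users referenced by documents against an LDIF export of the target LDAP. The CSV export of document fields (columns path, lockOwner, author, lastModifier), the uid attribute and the case-insensitive match are assumptions; all sample data is constructed.

```python
import base64
import csv

# Constructed sample: LDIF export of the target LDAP (base64 and folded values included).
SAMPLE_LDIF = """\
dn: uid=asmith,ou=people,dc=example,dc=com
uid: asmith

dn: uid=bjones,ou=people,dc=example,dc=com
uid:: YmpvbmVz

dn: uid=carol.long.name,ou=people,dc=example,dc=com
uid: carol.long
 .name
"""
# Constructed sample: hypothetical CSV export of document user fields.
SAMPLE_DOCS = """\
path,lockOwner,author,lastModifier
/docs/plan.doc,ASmith,asmith,bjones
/docs/budget.xls,localadmin,carol.long.name,localadmin
/docs/notes.txt,,dlee,asmith
"""

def ldif_uids(ldif_text, attr="uid"):
    """Return the lower-cased values of `attr` found in an LDIF export."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:  # RFC 2849 continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    uids = set()
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == attr.lower():
            if value.startswith(":"):  # "uid:: <base64>" marks an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            uids.add(value.strip().lower())
    return uids

def orphaned_references(doc_csv, ldap_uids):
    """Map each user field to (path, user) pairs whose user is absent from the LDAP."""
    report = {"lockOwner": [], "author": [], "lastModifier": []}
    for row in csv.DictReader(doc_csv.splitlines()):
        for field in report:
            user = (row.get(field) or "").strip()
            if user and user.lower() not in ldap_uids:
                report[field].append((row["path"], user))
    return report
```

Entries under lockOwner are the documents to unlock before enabling security; entries under author and lastModifier are the fields that would become unrecoverable.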

 


 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

 

Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.