Lesson 2.3: Configure container server security

When a container server connects to the catalog service, the container server gets all the security configurations that are configured in the ObjectGrid Security XML file. The ObjectGrid Security XML file defines authenticator configuration, the login session timeout value, and other configuration information. A container server also has its own server-specific security properties in the server property file.

Configure the server property file with the -Dobjectgrid.server.props Java virtual machine (JVM) property. The file name specified for this property is an absolute file path, such as samples_home/security_extauth/server3.props.

In this tutorial, the container servers are hosted in the xs1 and xs2 servers in the xsCluster cluster.


server3.props file

The server3.props file is in the samples_home/security_extauth/ directory. The content of the server3.props file follows:

securityEnabled=true
credentialAuthentication=Required
secureTokenManagerType=none
authenticationSecret=ObjectGridDefaultSecret

securityEnabled

The securityEnabled property is set to true to indicate that this container server is a secure server.

credentialAuthentication

The credentialAuthentication property is set to Required, so any client that is connecting to the server is required to provide a credential. In the client property file, the credentialAuthentication property is set to Supported, so the server receives the credential that is sent by the client.

secureTokenManagerType

The secureTokenManagerType property is set to none to indicate that the authentication secret is not encrypted when the server joins the existing servers.

authenticationSecret

The authenticationSecret property is set to ObjectGridDefaultSecret. This secret string is used to join the eXtreme Scale server cluster. When a server joins the data grid, it is challenged to present the secret string. If the secret string of the joining server matches the string in the catalog server, the joining server is accepted. If the string does not match, the join request is rejected.
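
The following audit script is an added example, not part of the original tutorial or the product's code. It checks a server property file for the four settings described above and flags the values this tutorial uses for convenience (the unencrypted join secret and the sample secret string). The function names parse_props, audit_props and audit_file are hypothetical, and the file-permission check is an added assumption for POSIX systems.

```python
import os
import stat
import tempfile

# Content of the tutorial's server3.props, copied from this page.
SAMPLE = """\
securityEnabled=true
credentialAuthentication=Required
secureTokenManagerType=none
authenticationSecret=ObjectGridDefaultSecret
"""
TUTORIAL_SECRET = "ObjectGridDefaultSecret"  # sample value shown on this page

def parse_props(text):
    """Parse key=value lines; skip blank lines and '#' or '!' comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_props(props):
    """Return (property, finding) pairs for settings to review before production."""
    findings = []
    if props.get("securityEnabled", "").lower() != "true":
        findings.append(("securityEnabled", "server is not marked as secure"))
    if props.get("credentialAuthentication", "").lower() != "required":
        findings.append(("credentialAuthentication", "clients need not send a credential"))
    if props.get("secureTokenManagerType", "").lower() == "none":
        findings.append(("secureTokenManagerType", "join secret is sent unencrypted"))
    if props.get("authenticationSecret") == TUTORIAL_SECRET:
        findings.append(("authenticationSecret", "tutorial sample secret still in use"))
    return findings

def audit_file(path):
    """Audit a props file and also flag group/other read access (POSIX modes only)."""
    with open(path, encoding="latin-1") as fh:  # Java .properties default encoding
        findings = audit_props(parse_props(fh.read()))
    if os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append((path, "file holding the join secret is readable by other users"))
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".props", delete=False) as tmp:
        tmp.write(SAMPLE)
    os.chmod(tmp.name, 0o644)  # constructed scenario: a world-readable props file
    for name, finding in audit_file(tmp.name):
        print(f"{name}: {finding}")
    os.remove(tmp.name)
```

Run against the tutorial's server3.props, the script reports the secureTokenManagerType and authenticationSecret settings, which is expected for a sample and is the list to clear before the same file is reused outside the tutorial.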


Set the server properties file with JVM properties

Set the server properties file on the xs1 and xs2 servers. If you are not using the topology for this tutorial, set the server properties file on all of the application servers that you are using to host container servers.

  1. Open the Java™ virtual machine page for the server. Servers > WebSphere application servers > server_name > Java and Process Management > Process definition > Java Virtual Machine.

  2. Add the generic JVM argument:

    -Dobjectgrid.server.props=samples_home/security_extauth/server3.props
    

  3. Click OK and save the changes.


Add the custom login module

The container server uses the same KeyStoreAuthenticator implementation as the catalog server. The KeyStoreAuthenticator implementation uses a KeyStoreLogin login module alias, so you must add a custom login module to the application login model entries.

  1. In the WebSphere Application Server administrative console, click Security > Global security > Java Authentication and Authorization Service.

  2. Click Application logins.

  3. Click New, and add the alias KeyStoreLogin. Click Apply.

  4. Under JAAS login modules, click New.

  5. Enter com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule as the module class name, and choose SUFFICIENT as the authentication strategy. Click Apply.

  6. Add the keyStoreFile custom property with value samples_home/security_extauth/sampleKS.jks.

  7. Optional: Add the debug custom property with value true.

  8. Save the configuration.


Lesson checkpoint

Now the WebSphere eXtreme Scale server authentication is secured. By configuring this security, all the applications that try to connect to the WebSphere eXtreme Scale servers are required to provide a credential. In this tutorial, the KeyStoreLoginAuthenticator is the authenticator. As a result, the client is required to provide a user name and password.
