WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring global security

Why and when to perform this task

The enablement process is divided into two steps. Configuring and enabling global security in the Network Deployment environment differs from doing so on a standalone base application server. In the Network Deployment environment, the configuration is stored temporarily on the Deployment Manager until it is synchronized with all of the Node Agents. Also, the Network Deployment environment uses LTPA as the authentication mechanism so that credentials can be forwarded among processes securely. LTPA requires the following additional configuration steps:
  1. Configure security so that the right information is provided for global security, which will be propagated to all of the nodes.
  2. Enable security on all nodes. This includes ensuring that the files are synchronized and that the processes are all restarted in the correct order. After security is enabled in a process, that process cannot accept some commands that have required access rights assigned. Therefore, the order in which the processes are restarted is important.

Complete the following steps to configure global security in the WebSphere Application Server Version 6 environment.

Steps for this task

  1. Configure the User Registry.
    1. For LocalOS, enter the server's user ID and password. This user ID is used to authenticate other users and is given administrative privileges for other WebSphere tasks. Make sure the user ID provided has the "Act as Part of Operating System" privilege in Windows and root privilege in UNIX environments. Click Apply or OK to save the changes.
    2. For Lightweight Directory Access Protocol (LDAP), enter the server's user ID and password. Ensure that this user ID is not the LDAP administrative user ID. Enter the LDAP type, host, port, and base distinguished name (DN). These are the required fields. Configure any other LDAP properties as necessary including the Advanced LDAP properties. Remember to click Apply or OK at each panel to save the changes.
    3. For Custom, enter the server's user ID and password. Also, enter the class name of the implementation of the custom user registry. This should implement the com.ibm.websphere.security.UserRegistry interface. Click Apply or OK to save the changes.
  2. Configure the LTPA authentication mechanism.
    1. Enter a password for generating LTPA keys. Re-enter the password for validation. Click Apply to save the password. Next, press the Generate Keys button to generate a set of keys for use in encrypting LTPA tokens.
    2. Configure Single Signon (SSO). Click the link to go to the Single Signon panel. Make sure SSO is enabled and enter the domain portion of the server's host name. For example, for a server host of machine1.austin.ibm.com, the domain portion is austin.ibm.com. Click Apply or OK to save the changes.
  3. Configure the Global Security panel.
    1. Choose the Active User Registry that you want to use, based on the one you configured above. Change any other attributes on this panel as desired. Select the enable check box to turn ON global security.
    2. Select Apply to validate the changes you have made above. If any problems are reported in the Messages section above, go back through the configuration to see whether something was missed. Verify that the server ID used for the user registry is valid.
    3. Do not shut down the Deployment Manager or Node Agents yet. Go to "Steps to enable global security in ND" for the correct procedure for allowing this configuration to propagate to all of the nodes in the right sequence.
  4. Select Save to write the changes out to the repository.
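
The following check is an added example, not part of the IBM documentation. It reads a cell-level security.xml after the save and reports any setting from the steps above that did not take effect: security enabled, LTPA active, SSO enabled with a domain that covers each server host, and a server user ID on the active registry. The element and attribute names and the sample document are assumptions constructed for illustration; compare them with the file in your own configuration repository.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"

# Constructed sample, not taken from a real cell. The element and attribute
# names are an assumed security.xml layout; verify them against your own file.
SAMPLE = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0.2/security.xmi"
    xmi:id="Security_1" enabled="true"
    activeAuthMechanism="LTPA_1" activeUserRegistry="LDAPUserRegistry_1">
  <authMechanisms xmi:type="security:SWAMAuthentication" xmi:id="SWAMAuthentication_1"/>
  <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1">
    <singleSignon xmi:id="SingleSignon_1" enabled="true" domainName="austin.ibm.com"/>
  </authMechanisms>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"
      serverId="wasadmin"/>
</security:Security>"""


def audit(xml_text, hosts):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    by_id = {el.get(XMI + "id"): el for el in root.iter() if el.get(XMI + "id")}
    findings = []
    if root.get("enabled") != "true":
        findings.append("global security is not enabled")
    mech = by_id.get(root.get("activeAuthMechanism"))
    if mech is None or mech.get(XMI + "type") != "security:LTPA":
        findings.append("active authentication mechanism is not LTPA")
    else:
        sso = mech.find("singleSignon")
        if sso is None or sso.get("enabled") != "true":
            findings.append("single signon is not enabled")
        else:
            domain = sso.get("domainName", "").lstrip(".").lower()
            for host in hosts:
                if not domain or not host.lower().endswith("." + domain):
                    findings.append("host %s is outside SSO domain %r" % (host, domain))
    reg = by_id.get(root.get("activeUserRegistry"))
    if reg is None:
        findings.append("active user registry is not defined")
    elif not reg.get("serverId"):
        findings.append("active user registry has no server user ID")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE, ["machine1.austin.ibm.com"]) or ["all checks passed"]:
        print(line)
```

Run it against the copy of the file on each node after synchronization, passing that cell's server host names, so that a node still holding the old configuration is caught before processes are restarted.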



Related concepts
J2EE connector security
Introduction: Security

Related tasks
Enabling global security
Configuring Java 2 security


Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_gst.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.