Enabling security with an operating system user registry

AIX, Linux, Sun Solaris Operating Environment: To use the operating system as a user registry, WebSphere Application Server needs to be run as the root ID. Run WebSphere Application Server as root and perform the following steps.

i5/OS, iSeries, Windows: To enable WebSphere Application Server security when you are using the operating system user validation as the WebSphere Application Server user registry, log in as a user with administrative authority and perform the following steps.

  1. AIX, Linux, Sun Solaris Operating Environment: Log in as root.
  2. AIX, Linux, Sun Solaris Operating Environment: Start the WebSphere Application Server and launch the WebSphere Application Server Administration Console while logged in as root. To start the server:
    cd WAS_installdir/bin
    ./startServer server 
    
    where server is the name of the WebSphere Application Server application server, for example, server1.
  3. In the WebSphere Application Server Administration Console, modify the global security settings as follows:
    1. In the Administration Console, expand Security, expand User Registries and click Local OS. Fill in the fields in the Configuration tab as follows, for your security registry server:
      Field Name: Server User ID
        Sample Value: wcsuser
        Notes:
        • i5/OS, iSeries: The user ID should have *SECOFR authority.
        • AIX, Sun Solaris Operating Environment, Linux: A user ID that is root or has root authority.
        • Windows: The user ID with operating system administrative privileges that you logged in with. If the machine belongs to a domain, use the fully-qualified user ID. For example: DomainXYZ\user_id. Ensure that this account exists in the domain server and is a member of the Administrator's group.
      Field Name: Security Server Password
        Sample Value: password
        Notes: This is the password belonging to the user with operating system administrative privileges that you logged in with.
      Click Apply and then Save.
    2. In the Administration Console, expand Security and click Global Security.
      1. In the Global Security Configuration tab, select Enabled and clear Enforce Java 2 Security.
      2. In the Active Authentication Mechanism field, select SWAM (Simple WebSphere Authentication Mechanism).
      3. In the Active User Registry field, select Local OS.
      4. Click Apply and then Save.
  4. In the Administration Console, expand Applications, then click Enterprise Applications.
    1. In the Enterprise Applications window, click your Commerce application, WC_instance_name (for example, WC_demo).
    2. Under Additional Properties, click Map security roles to users/groups.
    3. Click Lookup users and locate the user whose role you wish to map.
    4. For that user, select the WCSecurityRole and click OK.
  5. Open the WebSphere Commerce Configuration Manager and select Instances List -> instance_name -> Instance Properties -> Security and select the Enable Security check box. Select Operating System User Registry for the authentication mode, and enter the user name and password that you entered in step 1. Click Apply, then exit Configuration Manager.
  6. Stop and restart the WebSphere Application Server administration server. From now on, when you open the WebSphere Application Server Administration Console, you will be prompted for the Security Server ID and password.
