This topic applies only on the z/OS operating system.

Enabling global security on a base application server node

Global security activates a number of security settings for WebSphere Application Server. Use this topic to enable global security on a base application server node.

About this task

Fortunately, most of the settings receive their default value from the installation scripts, which are run during server installation. The following checklist is for enabling global security on a base application server node:

Procedure

  1. Ensure that you are running W500101 or later.
  2. Ensure that the installation scripts were run and included the Global security panel. On the Global security panel, make sure that you selected the Generate RACF commands option.
  3. Ensure that you ran the job that submits the RACF commands created by the installation scripts. This job builds the keyrings and certificates.
  4. Start the server if it is not already started.
  5. Go to the administrative console. Sign in using any user ID. A password is not needed.
  6. Click Security > Global security. Under Authentication, click Authentication mechanisms > LTPA. Type a password and confirm it by entering it again. Click Apply > Save.
  7. Click Security > Global security. Under User registries, click Local OS. Under Additional properties, click Custom properties. If you want WebSphere Application Server to use RACF EJBROLE profiles to determine whether a user has a role, select com.ibm.security.SAF.authorization and com.ibm.security.SAF.delegation and set them to true. Otherwise, leave them set to false. If you change them, click Apply and Save. If you chose to use EJBROLE profiles, use RACF to PERMIT your administrative user IDs to the EJBROLE class profile administrator. If you chose not to use EJBROLE profiles, click System Administration > Console Users, and add your user IDs as administrators. Click Apply and Save.
  8. Click Security > Global security. Under User registries, click Local OS. Under Additional properties, click Custom properties.
  9. Click Security > Global Security. Select the Enable global security option and then deselect the Enforce Java 2 Security option. The Active Protocol should be CSI and SAS. The Active Authentication Mechanism should be LTPA. The Active User Registry should be Local OS. Click Apply and Save.
  10. Select the Enable the selected repository option so that the local operating system is used as the user account repository.
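
For step 7, when the SAF authorization property is set to true, the RACF PERMIT can be scripted as in the following REXX exec. This is an added example, not part of the original topic. WSADM1 and WSADM2 are placeholder user IDs, and the exec assumes that the administrator profile already exists, that the EJBROLE class is RACLISTed, and that no security domain prefix is used on profile names.

```rexx
/* REXX: added example, not part of the original topic.              */
/* Grants administrative user IDs READ access to the EJBROLE profile */
/* "administrator" and then lists the resulting access list.         */
/* Assumptions: WSADM1 and WSADM2 are placeholder user IDs; the      */
/* profile exists, EJBROLE is RACLISTed, and no security domain      */
/* prefix is used on profile names.                                  */
admins = 'WSADM1 WSADM2'
failed = 0
address TSO
do i = 1 to words(admins)
  id = word(admins, i)
  "PERMIT administrator CLASS(EJBROLE) ID("id") ACCESS(READ)"
  if rc <> 0 then do
    say 'PERMIT failed for' id 'rc='rc
    failed = failed + 1
  end
end
/* Refresh the in-storage profiles so that the change takes effect */
"SETROPTS RACLIST(EJBROLE) REFRESH"
if rc <> 0 then do
  say 'SETROPTS refresh failed rc='rc
  failed = failed + 1
end
/* Review the access list: only intended administrators should appear */
"RLIST EJBROLE administrator AUTHUSER"
exit failed
```

Run the exec and check the RLIST output before you select Enable global security in step 9, so that at least one user ID is confirmed to hold the administrator role when the console starts to require authentication.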

Results

Now you can restart your server and use your browser to connect to the administrative console. The server redirects you to the Secure Sockets Layer (SSL) port, where you get the usual certificate warnings. The login page is then displayed, where you can enter a valid administrative user ID and password.





Last updated: Aug 29, 2010 10:43:27 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v602web&product=was-nd-mp&topic=tsecenablgloblappl
File name: tsec_enablgloblappl.html