Use this page to configure local operating system user registry settings.
Under the Custom properties link, you can add a value for the com.ibm.security.SAF.EJBROLE.Audit.Messages.Suppress property. Set this property to turn ICH408I messages on or off. The default value for this property is false, which does not suppress messages. You can set this value to true to suppress the ICH408I messages.
Setting this property either forces the creation of an ACEE or locates the ACEE of a user from the cache during ID assertion logins, ACEE information for users that have been revoked is not available. However, if you force the creation of credentials all of the time, performance can be affected.
Setting this property forces the principals returned by getRemoteUser() and getUserPrincipal() calls to be upper-case.
If this property is not set, WebSphere Application Server uses the existing case.
Specifies a valid user ID in the local OS registry.
This ID is the security server ID, which is only used for WebSphere Application Server security and is not associated with the system process that runs the server. The server calls the local OS user registry to authenticate and obtain privilege information about users by calling the native APIs in that particular user registry.
Access to native APIs is normally restricted to users
having special privileges. To use security in the application server, the
process ID (not the security server ID) on which WebSphere Application Server
runs requires enough privileges to call the system APIs. The special privilege
means that the process running WebSphere Application Server needs to be part
of the Administrators group.
The process must have the Act as part of operating
system privilege.
The process must be root or have root authority.
When using a Windows platform user registry, this ID
cannot match the name of the Windows machine. Windows platforms treat the
machine name bob as having an account similar to user bob.
Data type: | String |
Units: | Alphanumeric characters |
Specifies a valid user password that corresponds to a valid user ID in the local OS user registry.
Data type | String |
When this option is set to true, a case insensitive authorization check is performed.
SAF user IDs are usually in uppercase letters. Enabling this option is necessary only when your registry is case insensitive and does not provide a consistent case when queried for users and groups.