Standalone custom registry settings

Use this page to configure the standalone custom registry.

To view this administrative console page, complete the following steps:
  1. Click Security > Secure administration, applications, and infrastructure.
  2. Under User account repository, click the Available realm definitions drop-down list, select Standalone custom registry, and click Configure.
After the properties are set in this panel, click Apply. Under Additional Properties, click Custom properties to include additional properties that the custom user registry requires.
Note: Custom properties might include information such as specifying lists of users or groups.

When security is enabled and any of these custom user registry settings change, go to the Secure administration, applications, and infrastructure panel and click Apply to validate the changes.

WebSphere Application Server Version 6.1 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server to server communications. In most cases, server identities are automatically generated and are not stored in a repository.

[AIX HP-UX Linux Solaris Windows] However, if you are adding a Version 5.0.x or 6.0.x node to a Version 6.1 cell, you must ensure that the Version 5.x or Version 6.0.x server identity and password are defined in the repository for this cell. Enter the server user identity and password on this panel.

Avoid trouble [z/OS] Avoid trouble: Any settings that are related to the System Authorization Facility (SAF) might not be visible on this panel. To modify these settings:
  1. Go to the panel for SAF by clicking Security > Global security > External authorization providers.
  2. Select System Authorization Facility (SAF) from the drop-down list under the Authorization provider option.
  3. Click Configure.
gotcha

Configuration tab

Primary administrative user name

Specifies the name of a user with administrative privileges that is defined in your custom user registry.

The user name is used to log onto the administrative console when administrative security is enabled. Version 6.1 requires an administrative user that is distinct from the server user identity so that administrative actions can be audited.
Attention: In WebSphere Application Server, Versions 5.x and 6.0.x, a single user identity is required for both administrative access and internal process communication. When migrating to Version 6.1, this identity is used as the server user identity. You need to specify another user for the administrative user identity.

Automatically generated server identity

Enables the application server to generate the server identity, which is recommended for environments that contain only Version 6.1 or later nodes. Automatically generated server identities are not stored in a user repository.

This internal server ID is generated by the runtime for each process and cannot be modified.

Default: Enabled

Server identity that is stored in the repository

[AIX HP-UX Linux Solaris Windows] [iSeries]

Specifies a user identity in the repository that is used for internal process communication. Cells that contain Version 5.x or 6.0.x nodes require a server user identity that is defined in the active user repository.

Default: Enabled

Server user ID or administrative user on a Version 6.0.x node

[AIX HP-UX Linux Solaris Windows]

Specifies the user ID that is used to run the application server for security purposes.

Password

[AIX HP-UX Linux Solaris Windows]

Specifies the password that corresponds to the server ID.

Custom registry class name

Specifies a dot-separated class name that implements the com.ibm.websphere.security.UserRegistry interface.

Put the custom registry class name in the class path. A suggested location is the following directory.

  • [z/OS] [AIX HP-UX Linux Solaris Windows] %install_root%/lib/ext
  • [iSeries] profile_root/classes
Data type: String
Default: com.ibm.websphere.security.FileRegistrySample

Ignore case for authorization

Indicates that a case-insensitive authorization check is performed when you use the default authorization.

Default: Disabled
Range: Enabled or Disabled



Related tasks
[iSeries] Creating a classes subdirectory in your profile for custom classes
Configuring standalone custom registries
Related reference
getRemoteUser and getAuthType methods
Standalone custom registry wizard settings
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 2:56:59 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=usec_customreg
File name: usec_customreg.html