Configuring inbound trusted realms for multiple security domains

You can configure which realms to grant inbound trust to for multiple security domains. The trust relationship between realms is used when communicating with Lightweight Third-Party Authentication (LTPA) tokens. Once a LTPA token is decrypted by the receiving server, the realm in the token is checked to see if it is trusted. If it is not, the validation of the token fails. A realm represents a user registry in WebSphere® Application Server.

Before you begin

For information on cross realm communications, read the section in Multiple security domains.

Only users assigned to the administrator role can configure multiple security domains. Enable global security in your environment before configuring multiple security domains.

Perform the following steps to grant inbound trusted realms for multiple security domains using the administrative console:

Procedure

  1. Click Security > Security domains.
  2. Select a domain to edit or create a new one. Under Security Attributes, click User realm.
  3. Click Customize for this domain.
  4. Under Related Items, select Trusted authentication realms - inbound.
  5. Select Trust all realms (including those external to this cell) or Trust realms as indicated below. If Kerberos authentication is enabled, and you have cross realms or trusted realms, you must add the Kerberos trusted realm by selecting Trust realms as indicated below.
  6. Click Apply.

What to do next

The realms you selected to trust accept messages from other trusted realms but do not accept messages from untrusted realms. Select Add External Realm to add trust for realms that are external to this cell.




In this information ...


Related concepts

IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 3:02:28 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v700osgijpa&product=was-nd-mp&topic=tsec_sec_realm_trust
File name: tsec_sec_realm_trust.html