Security configuration report

The security configuration report gathers and displays the current security settings of the application server. Information is gathered about core security settings, administrative users and groups, CORBA naming roles, and cookie protection. When multiple security domains are configured, each security domain has its own report, containing the subset of the global security report sections that apply to the domain.

The security configuration report now includes information about session security, web attributes, and the HttpOnly setting to enable you to get a more complete view of your server security settings.

The report is a table with four columns: Console Name, Security Configuration Name, Value, and Console Path Name. The gathered security information is divided into sections that group related settings. A row highlighted in blue with a title in the first column starts a new section.

The Security Configuration Report can be run from the administrative console by selecting Security > Global Security and then clicking Security Configuration Report. A new window displays the report information.

The columns

Console Name
Contains the name of the security attribute as found in the administrative console. If the value in this column is on a row highlighted in blue, and is the only entry on the row, then it is the start of a new section.
Security Configuration Name
Contains the security attribute as found in the configuration file.
Value
Contains the value of the security attribute.
Console Path Name
Contains the path where the attribute is found on the console.
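The following is an added example, not code from the product or its documentation. It groups report rows into sections using the rule above (a row whose only entry is the Console Name starts a section) and compares two report snapshots to surface configuration drift. How the rows are copied out of the report window is an assumption, and every sample row, value and path below is constructed.

```python
def split_sections(rows):
    """Group 4-column rows (Console Name, Security Configuration Name,
    Value, Console Path Name) into {section: {attribute: [values]}}."""
    sections, current = {}, None
    for row in rows:
        console, config, value, path = (cell.strip() for cell in row)
        if not (console or config or value or path):
            continue                      # skip blank rows
        if console and not (config or value or path):
            current = console             # lone first cell = section header
            sections.setdefault(current, {})
        elif current is None:
            raise ValueError("attribute row before any section: %r" % (row,))
        else:
            # Keep a list: an attribute can repeat within one section,
            # for example once per SSL configuration.
            sections[current].setdefault(config or console, []).append(value)
    return sections


def drift(baseline_rows, current_rows):
    """Return sorted (section, attribute, old, new); None = not in that report."""
    old, new = split_sections(baseline_rows), split_sections(current_rows)
    changes = []
    for section in set(old) | set(new):
        before, after = old.get(section, {}), new.get(section, {})
        for name in set(before) | set(after):
            if before.get(name) != after.get(name):
                changes.append((section, name, before.get(name), after.get(name)))
    return sorted(changes, key=lambda c: (c[0], c[1]))


# Constructed sample rows; paths are placeholders, not real console paths.
BASELINE = [
    ("Security Settings", "", "", ""),
    ("Enable administrative security", "enabled", "true", "(constructed)"),
    ("Cookie Protection", "", "", ""),
    ("HttpOnly", "HttpOnly", "true", "(constructed)"),
    ("Web authentication", "com.ibm.wsspi.security.web.webAuthReq", "lazy", "(constructed)"),
    ("Java Authorization SPI Configuration", "", "", ""),
    ("JASPI enabled", "enabled", "true", "(constructed)"),
]
# Later snapshot: HttpOnly switched off, webAuthReq changed, and the JASPI
# section gone (the report omits it when JASPI is not configured).
CURRENT = [
    BASELINE[0], BASELINE[1], BASELINE[2],
    ("HttpOnly", "HttpOnly", "false", "(constructed)"),
    ("Web authentication", "com.ibm.wsspi.security.web.webAuthReq", "persisting", "(constructed)"),
]

if __name__ == "__main__":
    for change in drift(BASELINE, CURRENT):
        print("%s / %s: %s -> %s" % change)
```

A `None` on the new side means the attribute, or its whole section, is absent from the later report.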

The sections

Security Settings
Displays information about the top-level security attributes. These attributes set the default for administrative security for the server, such as whether security is enabled, the default user registry, or if Java™ security is enabled.

For more information, read the Global security settings article.

Authentication Mechanisms and expirations
Contains all the attributes associated with each authentication mechanism and trust association as defined in the configuration.
User Registry
Displays the attributes for the default user registry for the server.
Authorization configuration
Displays attributes configured for an external Java Authorization Contract for Containers (JACC) provider.
Application login configuration
Displays application JAAS login entries and their login modules attributes.
CSI
Displays the attributes that define the inbound and outbound information for the Common Secure Interoperability (CSI) protocol.
SSL configuration repertoires
Displays the attributes that make up the Secure Sockets Layer (SSL) configuration used by the server. There can be multiple SSL configurations defined, and information about each is displayed. This object is often referenced by an SSL configuration group object used to associate it with an inbound or an outbound connection.

For more information, read the SSL configurations collection article.

Key stores
Displays the keystore attributes for each keystore in the configuration. Keystore objects in the configuration are often referenced by an SSL configuration object in the configuration.

For more information, read the Personal certificates collection article.

Trust managers
Displays the attributes that make up trust managers that can be used by the server. Trust manager objects in the configuration are typically referenced by an SSL configuration object.

For more information, read the Trust managers collection article.

Key managers
Displays the attributes that make up the key managers that are used by the server. Key manager objects in the configuration are typically referenced by an SSL configuration object.

For more information, read the Key managers collection article.

SSL configuration group
Displays the attributes that make up an SSL configuration that are used for an outbound or an inbound connection.
Management scope
Displays the attributes that make up a management scope. The SSL configuration-related objects in the security configuration are defined within a management scope to reference the management scope object.

For more information, read the Management scope configurations article.

Key set groups
Displays the attributes that make up a group of key sets, which are used to manage public, private and shared keys.

For more information, read the Key set groups collection article.

Key set
Displays the attributes that make up the key set, which is used to manage public, private, and shared keys.

For more information, read the Key sets collection article.

Schedules
Displays the attributes that make up the scheduled process in the security configuration.
Notifications
Displays the attributes that make up notification objects in the security configuration.
Manage certificate expiration
Displays the attributes that define how startCertificateExpMonitor is run on the server.
System login configuration
Displays the attributes that define the System login entries and their login modules.

For more information, read the System login configuration entry settings for Java Authentication and Authorization Service article.

Custom properties
Displays all the custom properties that are defined in the security configuration.

For more information, read the Custom properties article.

Web Authentication
Displays properties that are used to define web authentication used by the server.

For more information, read the web authentication settings article.

Administrative Users and Groups
Displays the attributes that define roles and the users and groups associated with them as found in the admin-authz.xml file. The column titled Administrative Role Name contains the name of the administrative role. A column titled Administrative Role Value contains the user ID associated with the role (if one exists).

For more information, read the Administrative roles article.

Corba Naming Console Names
Displays the defined CORBA naming roles and the users that are assigned to the roles.

For more information, read the Administrative group roles and CORBA naming service groups article.

Console Name for Certificate Management
Lists all the certificates in the keystores that are defined in the security configuration. There is also information about the certificates' location and their validity period.
Cookie Protection
Displays attributes that pertain to HTTP cookies. This section differs from other sections because its information is gathered from different configuration files. The HttpOnly custom property, the web authentication com.ibm.wsspi.security.web.webAuthReq property, and the session security setting on each server are displayed on the report.
Java Authorization SPI Configuration
Displays the attributes that are defined for the Java Authorization SPI (JASPI) configuration. If there is a JASPI configuration object in the security configuration, information is included concerning whether JASPI is enabled, the name of the default JASPI provider, and a list of defined providers and their authentication modules.
Note: If JASPI has not been configured, this section is not shown in the security configuration report.