Stand-alone custom registry settings
Use this page to configure the stand-alone custom registry.
- Click Security > Global security.
- Under User account repository, click the Available realm definitions drop-down list, select Stand-alone custom registry, and click Configure.
When security is enabled and any of these custom user registry settings change, go to the Global security panel and click Apply to validate the changes.
WebSphere® Application Server Version 7.0 distinguishes between the user identities for administrators who manage the environment and the server identities used to authenticate server-to-server communications. In most cases, server identities are automatically generated and are not stored in a repository.
However, if you are adding a previous version node to the latest version cell and the previous version node used a server identity and password, you must ensure that the server identity and password for the previous version are defined in the repository for this cell. Enter the server user identity and password on this panel.
- Go to the panel for SAF by clicking .
- Select System Authorization Facility (SAF) from the drop-down list under the Authorization provider option.
- Click Configure.
Custom properties
Under the Custom properties link, you can add a value for one or more of the custom properties.
- force.credential.creation.for.validation
- Setting this property forces the creation of an access control environment element (ACEE), or finds the ACEE of the user in the cache, during ID assertion login to prevent obtaining information for users that have been revoked.
  Avoid trouble: Forcing the creation of credentials all the time will cause a decrease in performance.
Primary administrative user name
Specifies the name of a user with administrative privileges that is defined in your custom user registry.
Automatically generated server identity
Enables the application server to generate the server identity, which is recommended for environments that contain only Version 6.1 or later nodes. Automatically generated server identities are not stored in a user repository.
Information | Value |
---|---|
Default: | Enabled |
Server identity that is stored in the repository
Specifies a user identity in the repository that is used for internal process communication. Cells that contain Version 6.1 or later nodes require a server user identity that is defined in the active user repository.
Information | Value |
---|---|
Default: | Enabled |
User identity for the z/OS started task
Specifies the user identity that is associated with the z/OS system started task. Each controller and server can have its own identity.
Server user ID or administrative user on a Version 6.0.x node
Specifies the user ID that is used to run the application server for security purposes.
Password
Specifies the password that corresponds to the server ID.
Custom registry class name
Specifies a dot-separated class name that implements the com.ibm.websphere.security.UserRegistry interface.
Put the custom registry class name in the class path. A suggested location is the following directory.
- %install_root%/lib/ext
- profile_root/classes
Information | Value |
---|---|
Data type: | String |
Default: | com.ibm.websphere.security.FileRegistrySample |
Ignore case for authorization
Indicates that a case-insensitive authorization check is performed when you use the default authorization.
Information | Value |
---|---|
Default: | Disabled |
Range: | Enabled or Disabled |
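Before enabling Ignore case for authorization, it is worth checking whether the custom registry holds user names that differ only by case, because those names become indistinguishable to a case-insensitive check. The following is an added example, not IBM code: the colon-separated user file layout, the sample accounts, and the `is_authorized` model of a name-based check are all assumptions made for illustration.

```python
# Added example: audit registry user names for case collisions before
# enabling "Ignore case for authorization". All sample data is constructed.
from collections import defaultdict

# Constructed sample in an assumed layout: name:passwd:uid:gids:display name
SAMPLE_USERS = """\
# name:passwd:uid:gids:display name
wasadmin:secret1:100:500:WAS Administrator
WasAdmin:secret2:101:501:Contractor account
bob:secret3:102:501:Bob
alice:secret4:103:501,502:Alice
ALICE:secret5:104:502:Alice (test)
"""

def parse_user_names(text):
    """Return the user names from the file, skipping comments and blank lines."""
    names = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        names.append(line.split(":", 1)[0])
    return names

def case_collisions(names):
    """Group names that become identical once case is ignored."""
    groups = defaultdict(list)
    for name in names:
        groups[name.casefold()].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(set(v)) > 1}

def is_authorized(user, granted, ignore_case):
    """Hypothetical model of a name-based role check, with or without case folding."""
    if ignore_case:
        return user.casefold() in {g.casefold() for g in granted}
    return user in granted

if __name__ == "__main__":
    names = parse_user_names(SAMPLE_USERS)
    for folded, variants in sorted(case_collisions(names).items()):
        print("collision:", folded, "->", ", ".join(variants))
    # A role granted only to "wasadmin" also matches "WasAdmin" when case is ignored.
    print(is_authorized("WasAdmin", {"wasadmin"}, ignore_case=False))
    print(is_authorized("WasAdmin", {"wasadmin"}, ignore_case=True))
```

Any collision the audit reports should be resolved in the registry (rename or remove one account) before the setting is changed.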