Activating and configuring the SAF registry on z/OS
The System Authorization Facility (SAF) registry holds information that is required to perform security-related functions such as authenticating users and retrieving information about users, groups, or groups associated with users. You activate and configure the SAF registry through the configuration file server.xml. In addition, you can configure your Liberty server to use SAF authorization.
About this task
- Activate the SAF user registry.
- Configure the SAF user registry to use authorized services.
- Enable applications to use the SAF user registry.
- Configure the SAF user registry.
For information on how to configure your Liberty server to use SAF authorization, see Configuring authorization for applications in Liberty
When you use LDAP and Basic or SAF registries, the user registries are automatically federated. In Liberty, only one realm is supported. If you do not specify a federated repository with a primary realm identified, one of the realm names from one of the defined user registries is used.
When you use multiple registries and are taking actions based on the realm name of the user,
define the federatedRepository
with a primaryRealm
attribute
defined.