IBM® WebSphere® Portal provides various security configuration tasks. In the past, there was one task, and you might not have been able to recover from errors or to expand your user registry to meet your growing business needs. Now there are multiple tasks, and you can fine-tune your system to meet your business needs.

You have the following general security options to choose from:
Table 1. Security options with explanation

| Security option | Explanation |
| --- | --- |
| Federated security | With this option, you can create Virtual Portals with multiple realms. You can also use multiple repositories (LDAP, database, custom), and you can add Application Groups to your system. This option is good if you must merge multiple LDAP servers into one cohesive structure. Attention: If you plan to enable the transient user feature, you must choose the federated user registry configuration. Important: You must take special care that there are no duplicate names between the various repositories. For example, if you installed the product with a Portal Administrator of admin1, then admin1 must not exist in the corporate LDAP server. |
| Custom security | This option provides you with the ability to write a fully controlled WebSphere Security environment. There is a custom user registry and a custom member adapter for Virtual Member Manager (VMM). The abilities of this option depend on your implementation. |

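The duplicate-name check that the Important note in Table 1 calls for can be scripted before you federate a repository. The following is an added example, not IBM code. It assumes that each LDAP server was exported to LDIF, that `uid` is the login attribute, and that names are compared case-insensitively (as LDAP matches `uid`); the repository labels and sample entries are constructed.

```python
import base64
from collections import defaultdict


def ldif_logins(ldif_text, attr="uid"):
    """Yield the values of `attr` from LDIF text (handles folding and base64)."""
    lines = []
    for raw in ldif_text.splitlines():
        # RFC 2849: a line that starts with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != attr.lower():
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        yield value.strip()


def find_duplicate_logins(repositories):
    """Return {login: [repository labels]} for logins present in more than one repository."""
    seen = defaultdict(set)
    for repo_label, logins in repositories.items():
        for login in logins:
            seen[login.casefold()].add(repo_label)
    return {login: sorted(repos) for login, repos in seen.items() if len(repos) > 1}


# Constructed sample data: logins from the built-in file repository and an
# LDIF export from a hypothetical corporate LDAP server.
FILE_REPO_LOGINS = ["admin1", "localuser"]
CORPORATE_LDIF = """\
dn: uid=Admin1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: Admin1

dn: uid=jdoe,ou=people,
 dc=example,dc=com
uid:: amRvZQ==
"""

if __name__ == "__main__":
    repos = {"file-repo": FILE_REPO_LOGINS,
             "corporate-ldap": list(ldif_logins(CORPORATE_LDIF))}
    for login, where in find_duplicate_logins(repos).items():
        print(f"duplicate login {login!r} in: {', '.join(where)}")
```
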
Federated security
WebSphere Portal is configured with a default federated repository with a built-in file repository. The federated repository offers you the richest set of options to meet your business needs. You can easily expand your business as your needs grow. For example, if your company acquires a new business that has an existing LDAP user registry, you can add that LDAP server to your federated repository. Choose one of the following tasks to enable a production repository:

Table 2. Tasks to enable a production repository

| Task | Description |
| --- | --- |
| Add a federated LDAP repository to the VMM configuration | Select this option to add an LDAP server to the federated repository. This task does not change the current security assignment. Therefore, the administrative user that is defined during installation is still active. |
| Add a federated database repository to the VMM configuration | Select this option to add a database to the federated repository. This task does not change the current security assignment. Therefore, the administrative user that is defined during installation is still active. |
| Add a federated custom user registry | Select this option to add a custom user registry that your company created to the federated repository. This task does not change the current security assignment. Therefore, the administrative user that is defined during installation is still active. |

After you add your initial user registry, you can add
more user registries to the repository to create a multiple user registry
configuration. After you configure your repository, you must remove
the default file-based repository. You do not have to remove the file-based
repository in a development environment or if you are using IBM Connections.
The following tasks are required to remove the default file-based
repository:
Table 3. Tasks required to remove the default file-based repository

| Task | Description |
| --- | --- |
| Change the user registry where users and groups are stored | This task changes the default repository where new users and groups are stored. |
| Change WebSphere Application Server administrator | This task changes the WebSphere Application Server administrator user ID and password. |
| Change WebSphere Portal Server administrator | This task changes the WebSphere Portal administrator user ID and password. |
| Delete a federated repository from the VMM configuration | This task deletes the default file-based repository from your configuration. |

After you use your federated repository, you might
need to manage your user registry. You can run any of the following
optional tasks to fine-tune your federated repository:
Table 4. Optional tasks to manage the federated repository

| Task | Description |
| --- | --- |
| Updating the federated LDAP user registry | Choose this option to update certain parameters such as your bind ID and password to fix issues with your LDAP user registry. |
| Updating the federated database user registry | Choose this option to update certain parameters such as the data source name, database URL, and database type to fix issues with your database user registry. |
| Create a realm | Choose this option to create a realm, which is a group of users from one or more user registries that form a coherent group within WebSphere Portal. Realms allow flexible user management with various configuration options. A realm must be mapped to a Virtual Portal to allow the defined users to log in to the Virtual Portal. In a federated repository, you can create multiple realms. |