Introduction: Security in a mixed environment

In this tutorial, you integrate WebSphere® eXtreme Scale security in a mixed environment. The container servers run within WebSphere Application Server, and the catalog service runs in stand-alone mode. Because the catalog server is in stand-alone mode, you must configure an external authenticator.

Important: If both your container servers and catalog server are running within WebSphere Application Server, you can use the WebSphere Application Server Authentication plug-ins or an external authenticator. For more information about using the WebSphere Application Server Authentication plug-ins, see Tutorial: Integrate WebSphere eXtreme Scale security with WebSphere Application Server.

Learning objectives

The learning objectives for this tutorial follow:
  • Configure WebSphere eXtreme Scale to use the KeyStoreLoginAuthenticator plug-in
  • Configure WebSphere eXtreme Scale transport security to use WebSphere Application Server CSIv2 configuration and the WebSphere eXtreme Scale properties file
  • Use Java™ Authentication and Authorization Service (JAAS) authorization in WebSphere Application Server
  • Use the xscmd utility to monitor the data grids and maps that you created in the tutorial.

Time required

This tutorial takes approximately 4 hours from start to finish.

Skill level

Intermediate.

Audience

Developers and administrators that are interested in the security integration between WebSphere eXtreme Scale and WebSphere Application Server and configuring external authenticators.

System requirements

  • WebSphere Application Server Version 7.0.0.11 or later with the following fixes applied:interim fix PM20613 and interim fix PM15818.
  • The catalog server must be running on a stand-alone installation, not an installation that is integrated with WebSphere Application Server.
  • Update the Java runtime to apply the following fix: IZ79819: IBMJDK FAILS TO READ PRINCIPAL STATEMENT WITH WHITESPACE FROM SECURITY FILE
  • The stand-alone node that runs the catalog service must use the IBM Software Development Kit Version 1.6 J9. This Software Development Kit is included in the WebSphere Application Server installation. The catalog server node must be a stand-alone installation because you cannot run the startOgServer command within an installation of WebSphere eXtreme Scale on WebSphere Application Server.
This tutorial uses four WebSphere Application Server application servers and one deployment manager to demonstrate the sample.

Prerequisites

A basic understanding of the following items is helpful before you start this tutorial:
  • WebSphere eXtreme Scale programming model
  • Basic WebSphere eXtreme Scale security concepts
  • Basic WebSphere Application Server security concepts
For a background information about WebSphere eXtreme Scale and WebSphere Application Server security integration, see Security integration with WebSphere Application Server.