Configuring Big Match web application security (V11.5.0.5)
By default, security is enabled for all Big Match web applications. To manage security for the web applications, edit the corresponding XML configuration files associated with the WebSphere® Profile instance.
Before you begin
This topic assumes that you have edited the port number designations if necessary. For more information, see the link at the end of this topic about checking for port conflicts.
For more information about WebSphere Liberty security, including information about users and groups, see the links at the end of this topic.
About this task
The Big Match offering takes advantage of the security features provided by IBM WebSphere Liberty. Specifically, Big Match uses the Basic Registry that WebSphere Liberty offers to store user credentials. The Basic Registry is located in $<BIGMATCH_HOME>/conf/bigmatch-wlp-security-config.xml.
bmadmin
-
The
bmadmin
user is part of thebigmatch
group. Users in thebigmatch
group have access to:- the InfoSphere Big Match Console web application. The default URL and port for this application is https://<host>:9443/bmconfig.
- the InfoSphere Big Match Search sample application. The default URL and port for this web application is https://<host>:9443/bmconfig.
The
bmadmin
user's default password isbmadmin
. mdmadmin
-
The
mdmadmin
user is part of thepublisher
group. Users in thepublisher
group have access to the IBM MDM Publisher web application. The default URL and port for this application is https://<host>:9443/publisher.The
mdmadmin
user's default password ismdmadmin
. Demo
andtest
-
The
Demo
user and thetest
user are part of theanalytics
group. Users in theanalytics
group have access to the IBM Entity Insight web application. The default URL and port for this application is https://<host>:9443/insight. These users are also used for authenticating against the REST layer of the IBM Entity Insight application. (analytics-graph-api-rest.war).The
Demo
user's default password isDemo
.The
test
user's default password istest
.
- For the InfoSphere Big Match Console, Big Match Search sample, and Big Match REST service applications: $<BIGMATCH_HOME>/conf/bigmatch-wlp-security-config.xml.
- For IBM MDM Publisher and associated REST services: $<BIGMATCH_HOME>/conf/publisher-wlp-security-config.xml.
- For IBM Entity Insight and associated REST services: $<BIGMATCH_HOME>/conf/analytics-wlp-security-config.xml.
The groups defined in $<BIGMATCH_HOME>/conf/bigmatch-wlp-security-config.xml are bound to these roles.
analytics
) REST services, so there are bindings for the analytics
user groups to the AnalyticsUser
security role in both
publisher-wlp-security-config.xml and
bigmatch-wlp-security-config.xmlProcedure
- Edit $<BIGMATCH_HOME>/conf/bigmatch-wlp-security-config.xml.
-
Add the new users in the
<basicRegistry id="basic" realm="customRealm">
section. -
Add the same users to the
<group name="analytics">
group in the same XML file.
What to do next
By default, the Big Match WebSphere Liberty Profile instance uses the same Java installation that is running Ambari Server. To modify this, edit the /usr/ibmpacks/current/bigmatch/wlp/usr/servers/bigmatch-server/server.env file and set the value of JAVA_HOME to some other JDK/JRE.
If you need to change the security configuration to use an LDAP registry instead, see the WebSphere Liberty documentation about configuring LDAP user registries.
- To configure authentication, apply the changes documented in steps 1 and 2 of the linked WebSphere Liberty page to the file <BIGMATCH_HOME>/conf/bigmatch-wlp-config.xml instead of the file server.xml. The LDAP server configuration (steps 3 and on) should be applied to the file <BIGMATCH_HOME>/conf/bigmatch-wlp-security-config.xml.
- To configure authorization, create the appropriate groups on your LDAP server and then edit the file <BIGMATCH_HOME>/conf/analytics-wlp-application-config.xml to add those LDAP groups as necessary under the relevant security roles to grant the AnalyticsUser or PublisherUser access rights to the intended users.