Define variables for security domain configuration - worksheets

This article presents worksheets that will assist you when completing the WebSphere Application Server for z/OS Customization Dialog. See the related definitions article for definitions of each of the terms.

Note: Any instance of "(cannot change)" in the "Your value" column indicates that the particular value is displayed for reference purposes only and you can't change it in that particular panel. Either the value is static throughout the Dialog, or you need to go back to a previous task to make the change.

For more information about security, see related sections in the information center.

Define variables for Security Domain Configuration (1 of 3)

A security domain definition in z/OS provides WebSphere Application Server for z/OS with a set of cell-wide z/OS Security Server (RACF) security definitions. In this circumstance, an unfederated base Application Server is, for security purposes, considered a cell. A security domain definition includes the following:

Note: Creating multiple security domains may isolate WebSphere Application Server for z/OS cells within a sysplex.

This panel asks you to supply some RACF groups and user IDs that are common throughout WebSphere Application Server for z/OS. The Dialog creates the RACF commands to define these new user IDs and groups for your security system. It also creates and saves a set of variables that you must load and use in subsequent Dialog options.

Note:

Item Value in the Dialog after you load IBM defaults Your value (Fill in the blanks)
Use security domain identifier in RACF definitions N  
Security domain identifier (null)  
Sysplex name MCLXCF01  
WebSphere Application Server Configuration Group Information
Group WSCFG1  
GID 2500  
WebSphere Application Server Administrator Information
User ID WSADMIN  
UID 2403  
Password WSADMIN  
Unauthenticated User Definitions for Base Servers
User ID WSGUEST  
UID 2402  
Group WSCLGP  
GID 2502  
WebSphere Application Server Asynchronous Administration Task
User ID WSADMSH  
UID 2504  
Configure for local OS security registry Y  


Define variables for Security Domain Configuration (2 of 3)

Item Value in the Dialog after you load IBM defaults Your value (Fill in the blanks)
SSL Customization
Certificate authority keylabel WebSphereCA  
Generate certificate authority (CA) certificate Y  
Expiration date for CA authority 2010/12/31  
Default RACF keyring name WASKeyring  
Enable SSL on location service daemon N  
Additional z/OS Security Customization Options
Generate default RACF realm name N  
Default RACF realm name MCLXCF01  
Use SAF EJBROLE profiles to enforce J2EE roles Y  
Provide mapping for J2EE principals to SAF user ID N  
Mapping class com.ibm.websphere.security.SampleSAFMappingModule  
Enable PassTickets for z/SAS authentication N  
PassTicket KEYMASK value (null)  
Enable SAF authentication using LTPA or ICSF login tokens Y  
Use APPL Profile to restrict access to WebSphere Application Server N  


Define variables for Security Domain Configuration (3 of 3)

Item Value in the Dialog after you load IBM defaults Your value (Fill in the blanks)
WebSphere Application Server user ID home directory /var/WebSphere/home  



Related concepts
Setting up WebSphere Application Server for z/OS security
Related reference
Define variables for security domain configuration - definitions



Searchable topic ID:   rinsdefvar1
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rins_defvar1.html

Library | Support | Terms of Use | Feedback