This article presents worksheets that will assist you when completing the WebSphere Application Server for z/OS Customization Dialog. See the related definitions article for definitions of each of the terms.
Note: Any instance of "(cannot change)" in the "Your value" column indicates that the particular value is displayed for reference purposes only and you can't change it in that particular panel. Either the value is static throughout the Dialog, or you need to go back to a previous task to make the change.
For more information about security, see related sections in the information center.
Define variables for Security Domain Configuration (1 of 3)
A security domain definition in z/OS provides WebSphere Application Server for z/OS with a set of cell-wide z/OS Security Server (RACF) security definitions. In this circumstance, an unfederated base Application Server is, for security purposes, considered a cell. A security domain definition includes the following:
Note: Creating multiple security domains may isolate WebSphere Application Server for z/OS cells within a sysplex.
This panel asks you to supply some RACF groups and user IDs that are common throughout WebSphere Application Server for z/OS. The Dialog creates the RACF commands to define these new user IDs and groups for your security system. It also creates and saves a set of variables that you must load and use in subsequent Dialog options.
Note:
Item | Value in the Dialog after you load IBM defaults | Your value (Fill in the blanks) |
---|---|---|
Use security domain identifier in RACF definitions | N | |
Security domain identifier | (null) | |
Sysplex name | MCLXCF01 | |
**WebSphere Application Server Configuration Group Information** | | |
Group | WSCFG1 | |
GID | 2500 | |
**WebSphere Application Server Administrator Information** | | |
User ID | WSADMIN | |
UID | 2403 | |
Password | WSADMIN | |
**Unauthenticated User Definitions for Base Servers** | | |
User ID | WSGUEST | |
UID | 2402 | |
Group | WSCLGP | |
GID | 2502 | |
**WebSphere Application Server Asynchronous Administration Task** | | |
User ID | WSADMSH | |
UID | 2504 | |
Configure for local OS security registry | Y | |
Define variables for Security Domain Configuration (2 of 3)
Item | Value in the Dialog after you load IBM defaults | Your value (Fill in the blanks) |
---|---|---|
**SSL Customization** | | |
Certificate authority keylabel | WebSphereCA | |
Generate certificate authority (CA) certificate | Y | |
Expiration date for CA authority | 2010/12/31 | |
Default RACF keyring name | WASKeyring | |
Enable SSL on location service daemon | N | |
**Additional z/OS Security Customization Options** | | |
Generate default RACF realm name | N | |
Default RACF realm name | MCLXCF01 | |
Use SAF EJBROLE profiles to enforce J2EE roles | Y | |
Provide mapping for J2EE principals to SAF user ID | N | |
Mapping class | com.ibm.websphere.security.SampleSAFMappingModule | |
Enable PassTickets for z/SAS authentication | N | |
PassTicket KEYMASK value | (null) | |
Enable SAF authentication using LTPA or ICSF login tokens | Y | |
Use APPL Profile to restrict access to WebSphere Application Server | N | |
Define variables for Security Domain Configuration (3 of 3)
Item | Value in the Dialog after you load IBM defaults | Your value (Fill in the blanks) |
---|---|---|
WebSphere Application Server user ID home directory | /var/WebSphere/home | |
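
A check that can be run over a filled-in copy of the worksheets above before the values are loaded into the Dialog, flagging an administrator password left at the listed default, a CA expiration date that has already passed, and reused UID or GID numbers. It is an added example, not part of the original page or of IBM's tooling; the dictionary keys and the `review_worksheet` function are hypothetical names, and the default values are copied from the tables.

```python
from datetime import date

# IBM defaults copied from the worksheet tables; the key names are hypothetical.
IBM_DEFAULTS = {
    "config_group": "WSCFG1", "config_gid": 2500,
    "admin_user_id": "WSADMIN", "admin_uid": 2403, "admin_password": "WSADMIN",
    "guest_user_id": "WSGUEST", "guest_uid": 2402,
    "guest_group": "WSCLGP", "guest_gid": 2502,
    "async_user_id": "WSADMSH", "async_uid": 2504,
    "ca_expiration": "2010/12/31",
}
UID_KEYS = ("admin_uid", "guest_uid", "async_uid")
GID_KEYS = ("config_gid", "guest_gid")


def review_worksheet(values, today):
    """Return findings for a filled-in worksheet (dict keyed like IBM_DEFAULTS)."""
    findings = []

    # The default administrator password is published and equals the user ID.
    password = values["admin_password"]
    if password == IBM_DEFAULTS["admin_password"]:
        findings.append("admin password is still the IBM default")
    elif password.upper() == values["admin_user_id"].upper():
        findings.append("admin password equals the admin user ID")

    # The worksheet writes dates as YYYY/MM/DD.
    year, month, day = (int(part) for part in values["ca_expiration"].split("/"))
    if date(year, month, day) <= today:
        findings.append("CA certificate expiration date is not in the future")

    # UIDs and GIDs are separate number spaces, so check each on its own.
    for kind, keys in (("UID", UID_KEYS), ("GID", GID_KEYS)):
        numbers = [values[key] for key in keys]
        for number in sorted(set(numbers)):
            if numbers.count(number) > 1:
                findings.append(f"{kind} {number} is assigned more than once")
    return findings


if __name__ == "__main__":
    # Constructed sample: defaults with a new password and CA date, but a reused UID.
    filled_in = dict(IBM_DEFAULTS, admin_password="constructed-Sample-1",
                     ca_expiration="2035/12/31", guest_uid=2403)
    for finding in review_worksheet(filled_in, date.today()):
        print(finding)
```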