You can customize security to some extent at the application server
level. You can disable user security on an application
server; administrative security remains enabled when global security is enabled.
When global security is disabled, you cannot enable application server security.
Before you begin
Note: User Registry properties
include System Authorization Facility (SAF) properties such as: com.ibm.security.SAF.authorization
and com.ibm.security.SAF.unauthenticated identities.
Note: User Registry properties
include System Authorization Facility (SAF) properties such as: com.ibm.security.SAF.authorization
and com.ibm.security.SAF.unauthenticated identities.
By
default, server security inherits all of the values that are configured for
cell-level security. To override the cell-level security configuration at
the server level, click Servers > Application Servers > server_name.
Under Security, click Server Security > Additional properties and click
any of the following panels:
- CSIv2 inbound authentication
- CSIv2 outbound authentication
- CSIv2 inbound transport
- CSIv2 outbound transport
- z/SAS authentication
- Server-level security
After modifying the configuration in any of these
panels and clicking
OK or
Apply, the security configuration
for that panel or set of panels now overrides cell-level security. Other
panels that are not overridden continue to be inherited at the cell-level.
However, you can always revert back to the cell-level configuration at any
time. On the Server Security panel, click to revert back to the global security
configuration on these panels:
- Use cell security
- Use cell CSI
- Use cell z/SAS
A number of additional Secure
Authentication Services for z/OS (z/SAS) attributes can be considered for
security at a server level, such as:
- Local identity
- Remote identity
- Sync to thread allowed
For more information, see Server and global security.
What to do next
Typically, server-level security is used to disable user security
for a specific application server. However, this can also be used to disable
or enable the Java 2 security manager, and to configure the authentication
requirements for RMI/IIOP requests both incoming and outgoing from this application
server.
After you modify the configuration for a particular application
server, you must restart the application server for the changes to become
effective. To restart the application server, go to Servers > Application
servers and click the server name that you recently modified. Click Stop and
then Start.
If you disabled security for the application server,
you can typically test a Web address that is protected when security is enabled.