Global security activates a number of security settings in WebSphere
Application Server. Use this topic to enable global security on a base application
server node.
About this task
Fortunately, most of the settings receive their default values
from the installation scripts, which are run during server installation. The
following checklist is for enabling global security on a base application
server node:
Procedure
- Ensure that you are running W500101 or later.
- Ensure that the installation scripts were run and included the
Global security panel. On the Global security panel, make sure that you selected
the Generate RACF commands option.
- Ensure that you ran the job that submits the RACF commands created
by the installation scripts. This job builds the keyrings and certificates.
- Start the server if it is not already started.
- Go to the administrative console. Sign in using any user ID. A
password is not needed.
- Click Security > Global security. Under Authentication,
click Authentication mechanisms > LTPA. Type a password and confirm
it by entering it again. Click Apply > Save.
- Click Security > Global security. Under User registries,
click Local OS. Under additional properties, click Custom Properties.
If you want WebSphere Application Server to use RACF EJBROLE profiles
for determining if a user has a role, select com.ibm.security.SAF.authorization
and com.ibm.security.SAF.delegation and set them to true. Otherwise,
leave them set to false. If you change them, click Apply and Save.
If you chose to use EJBROLE profiles, use RACF to PERMIT your administrative
user IDs to the EJBROLE class profile administrator. If you chose not to use
EJBROLE profiles, you should click System Administration > Console Users,
and add your user IDs as administrators. Click Apply and Save.
- Click Security > Global security. Under User registries,
click Local OS. Under Additional properties, click Custom properties.
- Click Security > Global security. Select the Enable global
security option and then deselect the Enforce Java 2 Security option.
The Active Protocol should be CSI and SAS. The Active
Authentication Mechanism should be LTPA. The Active User Registry
should be Local OS. Click Apply and Save.
- Select the Enable the selected repository option so that
the local operating system is used as the user account repository.
Results
Now you can restart your server and use your browser to connect
to the administrative console. The server will successfully redirect you to
the Secure Sockets Layer (SSL) port where you get the usual certificate warnings.
The login page is then displayed, where you can enter a valid administrative
user ID and password.
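As an added example (not IBM's code and not part of the original topic), the following Python script audits a copy of the cell's security.xml against the end state this checklist describes. The file name, its XMI layout, the attribute names and the value BOTH for "CSI and SAS" are assumptions about how the console settings are stored; the sample document is constructed.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"

# Expected end state from the checklist. Attribute names and "BOTH"
# (CSI and SAS) are assumptions about the security.xml layout.
EXPECTED = {"enabled": "true", "enforceJava2Security": "false", "activeProtocol": "BOTH"}
# Active reference attribute -> (child element tag, expected xmi:type)
ACTIVE = {
    "activeAuthMechanism": ("authMechanisms", "security:LTPA"),
    "activeUserRegistry": ("userRegistries", "security:LocalOSUserRegistry"),
}

def audit_global_security(xml_text):
    """Return a list of deviations from the checklist; empty means compliant."""
    root = ET.fromstring(xml_text)
    findings = []
    for attr, want in EXPECTED.items():
        got = root.get(attr)
        if got != want:
            findings.append(f"{attr}={got!r}, expected {want!r}")
    for attr, (tag, want_type) in ACTIVE.items():
        ref = root.get(attr)
        # The attribute holds the xmi:id of the selected child element.
        match = [e for e in root.findall(tag) if e.get(XMI + "id") == ref]
        got_type = match[0].get(XMI + "type") if match else None
        if got_type != want_type:
            findings.append(f"{attr} -> {got_type!r}, expected {want_type!r}")
    return findings

def saf_properties(xml_text):
    """Return the SAF custom properties of the Local OS registry as a dict."""
    root = ET.fromstring(xml_text)
    props = {}
    for reg in root.findall("userRegistries"):
        if reg.get(XMI + "type") == "security:LocalOSUserRegistry":
            for p in reg.findall("properties"):
                if p.get("name", "").startswith("com.ibm.security.SAF."):
                    props[p.get("name")] = p.get("value")
    return props

# Constructed sample (namespace URI assumed); Java 2 security left on by mistake.
SAMPLE = """<security:Security xmlns:xmi="http://www.omg.org/XMI" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" enabled="true" enforceJava2Security="true" activeProtocol="BOTH" activeAuthMechanism="LTPA_1" activeUserRegistry="LocalOSUserRegistry">
  <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1"/>
  <userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry">
    <properties xmi:id="P1" name="com.ibm.security.SAF.authorization" value="true"/>
    <properties xmi:id="P2" name="com.ibm.security.SAF.delegation" value="true"/>
  </userRegistries>
</security:Security>"""
```

When `saf_properties` reports both SAF properties as true, the administrative user IDs also need the RACF PERMIT to the EJBROLE profile described in the procedure; that permission lives in RACF and is not visible to this check.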