Configuring custom user registries using scripting

Use this topic to configure custom user registries for global security and security domain configurations using the wsadmin tool. You can define custom user registries at the global level and for multiple security domains.

Before you begin

You must meet the following requirements before configuring custom user registries:
  • You must have the administrator or new admin role.
  • Enable global security in your environment.
  • Implement and build the UserRegistry interface and configure a custom registry.
  • To configure custom user registries for multiple security domains, you must configure at least one security domain.

About this task

WebSphere® Application Server security supports stand-alone custom registries in addition to the local operating system registry, stand-alone Lightweight Directory Access Protocol (LDAP) registries, and federated repositories for authentication and authorization. A stand-alone custom-implemented registry uses the UserRegistry Java™ interface as provided by the product. A stand-alone custom registry can support any type of account repository, such as a relational database or a flat file. You can specify custom user registries at the global level and at the security domain level.

When you configure a user registry in the global security configuration, the administrator does not specify a realm name for the user registry. The system determines the realm name from the security run time. The realm name for custom registries is set by the custom registry.

Use the following command to make a specific user registry the active user registry in the global security configuration:
Jython
AdminTask.setAdminActiveSecuritySettings ('[-activeUserRegistry CustomUserRegistry]')
Jacl
$AdminTask setAdminActiveSecuritySettings {-activeUserRegistry CustomUserRegistry}
Use the following command to make a specific user registry the active user registry in the security domain configuration:
Jython
AdminTask.setAppActiveSecuritySettings ('[-securityDomainName domain2 -activeUserRegistry CustomUserRegistry]')
Jacl
$AdminTask setAppActiveSecuritySettings {-securityDomainName domain2 -activeUserRegistry CustomUserRegistry}

In security domains, you can configure a different realm for a user registry configuration. For example, you can configure two registries that use the same LDAP server listening on the same port, but use different base distinguished names (baseDN). This method supports the configuration to serve different sets of users and groups. To use this type of scenario, you must specify a realm name for each user registry configured for a domain. Multiple realms can exist in your configuration, and you can also specify a list of trusted realms. Communication between applications that use different realms is supported.

Use the following steps to configure custom user registries for your global security configuration and for multiple security domains:

Procedure

What to do next

Use the following command example to save your configuration changes:
AdminConfig.save()
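
The following Jython sketch is an added example, not IBM-supplied code. It wraps the two activation commands shown above so that the registry type and domain names are validated before they are placed in the option string, and so that the configuration is saved only when every command succeeds. The names build_args, activate_registry, and SAFE_NAME are hypothetical, and the domain-name pattern is an assumption of this example, not a product rule.

```python
import re

# Registry type names used by the product's security commands.
REGISTRY_TYPES = ("CustomUserRegistry", "LDAPUserRegistry",
                  "LocalOSUserRegistry", "WIMUserRegistry")
# Assumed conservative pattern: no spaces, brackets or dashes-as-options,
# so a domain name cannot smuggle extra options into the command string.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.]+$")


def build_args(registry, domain=None):
    """Return the option string for set{Admin,App}ActiveSecuritySettings."""
    if registry not in REGISTRY_TYPES:
        raise ValueError("unknown registry type: %r" % (registry,))
    if domain is None:
        return "[-activeUserRegistry %s]" % registry
    if not SAFE_NAME.match(domain):
        raise ValueError("unsafe security domain name: %r" % (domain,))
    return "[-securityDomainName %s -activeUserRegistry %s]" % (domain, registry)


def activate_registry(admin_task, admin_config, registry, domains=()):
    """Switch global security and each listed domain, then save once."""
    # Validate every input before touching the configuration workspace.
    global_args = build_args(registry)
    domain_args = [build_args(registry, d) for d in domains]
    try:
        admin_task.setAdminActiveSecuritySettings(global_args)
        for args in domain_args:
            admin_task.setAppActiveSecuritySettings(args)
    except:
        # Bare except so that Java exceptions raised by wsadmin are caught too.
        admin_config.reset()  # discard the partial, unsaved changes
        raise
    admin_config.save()
    return [global_args] + domain_args

# Inside wsadmin (-lang jython), AdminTask and AdminConfig are predefined:
#   activate_registry(AdminTask, AdminConfig, "CustomUserRegistry", ["domain2"])
```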




Last updated: Oct 20, 2010 9:57:58 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-base-dist&topic=txml_7customreg
File name: txml_7customreg.html