Enable your WebSphere® eXtreme Scale servers and catalog servers for keystore authentication with a Java™ Authentication and Authorization Service (JAAS) policy file that is used for authorization.
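/*
 * JAAS login configuration entry for keystore-based authentication.
 * Presumably this is the file passed to the server JVM with
 * -Djava.security.auth.login.config (confirm the file name against the start command).
 *
 * NOTE(review): the keystore path points at a sample keystore. For anything
 * beyond a test setup, use a site-managed keystore and restrict read access
 * to the account that runs the server.
 */
KeyStoreLogin {
    com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule required
        keyStoreFile="/security/sampleKS.jks";
};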
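<?xml version="1.0" encoding="UTF-8"?>
<!--
  Cluster security descriptor that enables security and selects the
  keystore-based authenticator. Presumably this is the file passed with
  -clusterSecurityFile when the catalog server starts (confirm the path).
-->
<securityConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://ibm.com/ws/objectgrid/config/security ../objectGridSecurity.xsd"
    xmlns="http://ibm.com/ws/objectgrid/config/security">
    <!--
      loginSessionExpirationTime bounds how long an authenticated login session
      stays valid (presumably in seconds, confirm against the product reference).
    -->
    <security securityEnabled="true" loginSessionExpirationTime="300">
        <authenticator className="com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginAuthenticator">
        </authenticator>
    </security>
</securityConfig>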
# Server-side security properties (presumably the file passed with -serverProps; confirm).
# securityEnabled=true turns security on for this server.
securityEnabled=true
# Required: a client that does not present a credential is rejected.
# NOTE(review): no transportType is shown here; confirm the transport setting
# so that credentials are not exchanged over an unencrypted connection.
credentialAuthentication=Required
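# Start the catalog server with the cluster security descriptor, the server
# properties file, the JAAS login configuration and the authorization policy.
# NOTE(review): the policy file is named wxs_ldap_auth.config although this
# setup uses keystore authentication; confirm it is the intended policy file.
# All files under /security should be readable only by the server account.
startOgServer.sh catalogServer -clusterSecurityFile /security/security.xml \
    -serverProps /security/objectGridServer.properties -jvmArgs \
    -Djava.security.auth.login.config="/security/wxs_keystore.config" \
    -Djava.security.policy="/security/wxs_ldap_auth.config"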
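# Same catalog server start, using the startXsServer.sh script.
# NOTE(review): the policy file is named wxs_ldap_auth.config although this
# setup uses keystore authentication; confirm it is the intended policy file.
startXsServer.sh catalogServer -clusterSecurityFile /security/security.xml \
    -serverProps /security/objectGridServer.properties -jvmArgs \
    -Djava.security.auth.login.config="/security/wxs_keystore.config" \
    -Djava.security.policy="/security/wxs_ldap_auth.config"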
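# Start container server c0 against the secured catalog service, passing the
# same server properties, JAAS login configuration and authorization policy.
# NOTE(review): the policy file is named wxs_ldap_auth.config although this
# setup uses keystore authentication; confirm it is the intended policy file.
startOgServer.sh c0 -objectgridFile /xml/objectgrid.xml \
    -deploymentPolicyFile /xml/deployment.xml \
    -catalogServiceEndPoints cataloghostname:2809 \
    -serverProps /security/objectGridServer.properties \
    -jvmArgs -Djava.security.auth.login.config="/security/wxs_keystore.config" \
    -Djava.security.policy="/security/wxs_ldap_auth.config"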
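# Same container server start, using the startXsServer.sh script.
# NOTE(review): the policy file is named wxs_ldap_auth.config although this
# setup uses keystore authentication; confirm it is the intended policy file.
startXsServer.sh c0 -objectgridFile /xml/objectgrid.xml \
    -deploymentPolicyFile /xml/deployment.xml \
    -catalogServiceEndPoints cataloghostname:2809 \
    -serverProps /security/objectGridServer.properties \
    -jvmArgs -Djava.security.auth.login.config="/security/wxs_keystore.config" \
    -Djava.security.policy="/security/wxs_ldap_auth.config"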
# Client-side security properties (presumably the file whose path the client
# passes to ClientSecurityConfigurationFactory; confirm).
securityEnabled=true
# Supported: the client sends a credential when the server asks for one.
credentialAuthentication=Supported
# NOTE(review): with TCP/IP the user ID and password credential travel without
# TLS. For any network that is not fully trusted, use an SSL transport type
# (SSL-Supported or SSL-Required) with a matching server-side setting.
transportType=TCP/IP
singleSignOnEnabled=false
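// Sample credential only. Do not embed a real password in source code;
// read it at run time from a protected source (for example a prompt or a
// secrets store) and keep it out of logs.
String userid = "CN=manager,O=acme,OU=sample";
String pw = "password";

// Creates a ClientSecurityConfiguration object using the specified file
// (args[0] is the path of the client security properties file).
ClientSecurityConfiguration clientSC = ClientSecurityConfigurationFactory
        .getClientSecurityConfiguration(args[0]);

// Creates a CredentialGenerator using the user ID and password declared above.
CredentialGenerator credGen = new UserPasswordCredentialGenerator(userid, pw);
clientSC.setCredentialGenerator(credGen);

// Create an ObjectGrid by connecting to the catalog server.
// ogManager is not declared in this snippet; presumably it is an
// ObjectGridManager obtained earlier (confirm against the full sample).
ClientClusterContext ccContext = ogManager.connect("cataloghostname:2809", clientSC, null);
ObjectGrid og = ogManager.getObjectGrid(ccContext, "YourGridName");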