Configuring multiple security domains using scripting
You can customize your security configuration at the cell, server, or cluster level by configuring multiple security domains.
Before you begin
Users assigned to the administrator role can configure security domains. Verify that you have the appropriate administrative role before configuring security domains. Also, enable global security in your environment before configuring multiple security domains.
About this task
You can create multiple security domains to customize your security configuration. Use multiple security domains to achieve the following goals:
- Configure different security attributes for administrative and user applications within a cell
- Consolidate server configurations by managing different security configurations within a cell
- Restrict access between applications with different user registries, or configure trust relationships between applications to support communication across registries
Procedure
- Create a security domain. Create multiple security domains in your configuration. By creating multiple security domains, you can configure different security attributes for administrative and user applications within a cell environment.
- Assign the security domain to one or a set of resources or scopes. Assign management resources to security domains. Set management resources to your security domains to customize your security configuration for a cell, server, or cluster.
- Customize your security configuration by specifying attributes for your security domain. See the following examples of security attributes:
- User registries to validate user credentials
- Authorization for validating access to resources
- Trust association interceptor (TAI) to authenticate a web user using a reverse proxy server
- Application and system JAAS login configurations
- LTPA timeout settings
- Application security enablement to provide application isolation and requirements for authenticating application users
- Java™ 2 Security to increase overall system integrity by checking for permissions before allowing access to certain protected system resources
- Remote Method Invocation over Internet Inter-ORB Protocol (RMI/IIOP) to invoke web services through remote procedure calls
- Custom properties
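The three procedure steps, together with the global security prerequisite, as a wsadmin Jython sketch. This is an added example, not IBM's code: the helper functions and the domain, node, server and cluster names are hypothetical, and it assumes the AdminTask commands createSecurityDomain, mapResourceToSecurityDomain, setAppActiveSecuritySettings and isGlobalSecurityEnabled with the Cell=:Node=...:Server=... resource-name format.

```python
# Added example (not IBM's code). Intended for wsadmin -lang jython, where the
# AdminTask and AdminConfig objects are predefined. All names are constructed.
import re

_NAME = re.compile(r'^[A-Za-z0-9_.-]+$')

def _check(name):
    # Reject whitespace, ':' and '=' so a name cannot alter the option string.
    if not _NAME.match(name):
        raise ValueError('unsafe name: %r' % (name,))
    return name

def _flag(value):
    return value and 'true' or 'false'

def server_scope(node, server):
    # Resource name for one application server (assumed format).
    return 'Cell=:Node=%s:Server=%s' % (_check(node), _check(server))

def cluster_scope(cluster):
    # Resource name for a cluster (assumed format).
    return 'Cell=:ServerCluster=%s' % _check(cluster)

def plan_domain(domain, scopes, app_security=True, java2_security=False):
    """Return ordered (command, options) pairs: create, assign, customize."""
    _check(domain)
    plan = [('createSecurityDomain', '-securityDomainName %s' % domain)]
    for scope in scopes:  # scopes built with server_scope() / cluster_scope()
        plan.append(('mapResourceToSecurityDomain',
                     '-securityDomainName %s -resourceName %s' % (domain, scope)))
    plan.append(('setAppActiveSecuritySettings',
                 '-securityDomainName %s -appSecurityEnabled %s '
                 '-enforceJava2Security %s'
                 % (domain, _flag(app_security), _flag(java2_security))))
    return plan

def apply_plan(plan, admin_task):
    # Prerequisite from "Before you begin": global security must be enabled.
    if str(admin_task.isGlobalSecurityEnabled()).lower() != 'true':
        raise RuntimeError('enable global security before creating domains')
    for command, options in plan:
        getattr(admin_task, command)(options)
    return len(plan)

# Inside wsadmin:
#   plan = plan_domain('AppDomain', [server_scope('node01', 'server1'),
#                                    cluster_scope('appCluster')])
#   apply_plan(plan, AdminTask); AdminConfig.save()
```

Printing the plan before applying it gives a reviewable record of exactly which scopes receive the domain's settings.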
Subtopics
Configuring security domains using scripting
Use this topic to create multiple security domains in your configuration. By creating multiple security domains, you can configure different security attributes for administrative and user applications within a cell environment.
Configuring local operating system user registries using scripting
Use this topic to configure user registries for global security and security domain configurations using the wsadmin tool. You can define user registries at the global level and for multiple security domains.
Configuring custom user registries using scripting
Use this topic to configure custom user registries for global security and security domain configurations using the wsadmin tool. You can define custom user registries at the global level and for multiple security domains.
Configuring JAAS login modules using wsadmin scripting
Use this topic to use the wsadmin tool to configure and manage Java Authentication and Authorization Service (JAAS) login entries to allow communication between realms in a multiple security domain environment.
Configuring Common Secure Interoperability authentication using scripting
Use this topic to use the wsadmin tool to configure inbound and outbound communications using the Common Secure Interoperability protocol. Common Secure Interoperability Version 2 (CSIv2) supports increased vendor interoperability and additional features.
Configuring trust association using scripting
Use the wsadmin tool to configure and manage trust association configurations in a multiple security domain environment. Trust association enables the integration of the application server security and third-party security servers. More specifically, a reverse proxy server can act as a front-end authentication server while the product applies its own authorization policy onto the resulting credentials that are passed by the proxy server.
Mapping resources to security domains using scripting
Use this topic to assign management resources to security domains. Set management resources to your security domains to customize your security configuration for a cell, server, or cluster.
Removing resources from security domains using scripting
Use this topic to remove management resources from security domains. Remove all resources from a security domain before deleting the security domain from your configuration.
Removing security domains using scripting
Use this topic to delete security domains from your configuration using the wsadmin tool. Remove security domains that are not needed in your security configuration.
Removing user registries using scripting
You can use the wsadmin tool to remove user registries from global security or security domain configurations. Use the steps in this topic to remove Lightweight Directory Access Protocol (LDAP), local operating system, custom, or federated repository user registries from your global security or security domain configurations.
SecurityDomainCommands command group for the AdminTask object
You can use the Jython scripting language to configure and administer security domains with the wsadmin tool. Use the commands and parameters in the SecurityDomainCommands group to create and manage security domains, assign servers and clusters to security domains as resources, and to query the security domain configuration.
SecurityConfigurationCommands command group for the AdminTask object
You can use the Jython scripting language to configure security with the wsadmin tool. Use the commands and parameters in the SecurityConfigurationCommands group to configure and manage user registries, single sign-on, data entries, trust association, login modules, and interceptors.
SecurityRealmInfoCommands command group for the AdminTask object
You can use the Jython scripting language to manage security realm configurations with the wsadmin tool. Use the commands and parameters in the SecurityRealmInfoCommands group to query and manage trusted realms.
NamingAuthzCommands command group for the AdminTask object
You can use the Jython scripting language to configure naming roles for groups and users with the wsadmin tool. Use the commands and parameters in the NamingAuthzCommands group to assign, remove, and query naming role configuration. CosNaming security offers increased granularity of security control over CosNaming functions.
Utility scripts
The scripting library provides multiple script procedures to automate your application configurations. See the usage information for scripts that set notification options, save configuration changes, and display scripting library information.


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=txml_7sdep
File name: txml_7sdep.html