Configuring a WebSphere Application Server security domain

WebSphere® Application Server supports security domains, which give you the flexibility to use different security configurations.

About this task

You can configure WebSphere Application Server to use different security attributes, such as the user registry, for different applications. This example configuration creates a security domain for Identity Manager with a stand-alone LDAP user registry.

You can skip the next procedure if either of the following conditions apply:

  • You already configured WebSphere Application Server global security with the user registry that you want to use for Identity Manager authentication.
  • You already configured a security domain for WebSphere Application Server with the user registry that you want to use for Identity Manager authentication.
Note: During Identity Manager installation, you can choose to use the existing realm for the application server.

Procedure

  1. Log on to the administrative console as an administrator.
  2. Go to Security > Security domains. Click New to create a security domain for Identity Manager.
  3. Enter a name you want in the Name field. Click OK and save the changes.
  4. After the new security domain is created, click the security domain name to configure the security attributes for the domain.
  5. When you click the security domain name, the Security Domain page is shown. You must configure a number of settings. In the Assigned Scopes section, select the WebSphere Application Server where Identity Manager is to be installed.
  6. In the Security Attributes section:
    1. Under Application Security, click Enable application security.
    2. For Java™ 2 Security, accept the default of Disabled, to optimize performance.
    3. Under User Realm, select Standalone LDAP registry and click Configure...
  7. On the Stand-alone LDAP registry page, provide the values specified in the table:
    Table 1. Security domain configuration for stand-alone LDAP registry
    Field                Description
    Realm name           Any realm name that you choose.
    Type of LDAP server  For this example, IBM® Tivoli® Directory Server.
    Host                 The IBM Security Directory Server host name or IP address.
    Port                 The LDAP server port for IBM Security Directory Server.
    Base DN              The base DN of the LDAP registry.
    Bind DN              The user DN that is bound to the LDAP registry.
    Bind password        The password of the bind user.
  8. Click Test Connection to ensure that WebSphere Application Server can communicate with the LDAP registry.
  9. After the connection test is successful, click OK and save the changes.
  10. After the user realm basic security attributes are configured, set the advanced LDAP settings for this user realm.
    1. Click the security domain name.
    2. Click Configure (next to the realm name).
    3. Select the Set Advanced Lightweight Directory Access Protocol (LDAP) user registry settings link on the Stand-alone LDAP registry page.
  11. Click OK and save the changes. From the Stand-alone LDAP registry page, click OK and save the changes.
  12. When you save the changes, you are redirected to the domain list page. Select the domain name to continue configuring the remaining security attributes for this domain.

    Review the default settings and change any that apply to your deployment.

  13. Click OK and save the changes.
  14. Restart WebSphere Application Server.
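The same steps as a wsadmin Jython script, added here as an example and not taken from the IBM documentation. It assumes the AdminTask command and parameter names as I recall them for WebSphere Application Server 8.5 and 9 (confirm each with AdminTask.help('<command>') on your version), and assumes node, server, realm and LDAP values that you replace with your own; the arguments are built and validated first so the whole sequence can be reviewed before anything is applied to the cell.

```python
VALID_LDAP_TYPES = ('IBM_DIRECTORY_SERVER', 'IPLANET', 'NETSCAPE', 'NDS',
                    'DOMINO502', 'SECUREWAY', 'ACTIVE_DIRECTORY', 'CUSTOM')

def q(value):
    """Double-quote a value containing spaces so wsadmin reads it as one token."""
    value = str(value)
    if ' ' in value:
        return '"%s"' % value
    return value

def build_commands(domain, node, server, realm, ldap):
    """Return (AdminTask command, argument string) pairs mirroring steps 2 to 9.
    'ldap' is a dict keyed type/host/port/baseDN/bindDN/bindPassword (Table 1)."""
    for key in ('type', 'host', 'port', 'baseDN', 'bindDN', 'bindPassword'):
        if not ldap.get(key):
            raise ValueError('LDAP setting %s is required' % key)
    if ldap['type'] not in VALID_LDAP_TYPES:
        raise ValueError('unknown ldapServerType %s' % ldap['type'])
    port = int(ldap['port'])
    if port < 1 or port > 65535:
        raise ValueError('LDAP port out of range: %d' % port)
    return [
        # Steps 2 and 3: create the domain
        ('createSecurityDomain', '[-securityDomainName %s]' % q(domain)),
        # Step 5: Assigned Scopes, the server that will host Identity Manager
        ('mapResourceToSecurityDomain',
         '[-securityDomainName %s -resourceName Cell=:Node=%s:Server=%s]'
         % (q(domain), node, server)),
        # Step 6: application security on, Java 2 security left disabled
        ('setAppActiveSecuritySettings',
         '[-securityDomainName %s -appSecurityEnabled true '
         '-enforceJava2Security false]' % q(domain)),
        # Step 7: stand-alone LDAP registry with the Table 1 values
        ('configureAppLDAPUserRegistry',
         '[-securityDomainName %s -realmName %s -ldapServerType %s -ldapHost %s '
         '-ldapPort %d -baseDN %s -bindDN %s -bindPassword %s]'
         % (q(domain), q(realm), ldap['type'], ldap['host'], port,
            q(ldap['baseDN']), q(ldap['bindDN']), q(ldap['bindPassword']))),
    ]

def apply_commands(commands):
    """Inside wsadmin, run the commands and save; elsewhere do nothing, return 0."""
    try:
        AdminTask  # wsadmin injects AdminTask and AdminConfig as globals
    except NameError:
        return 0
    for name, args in commands:
        getattr(AdminTask, name)(args)
    AdminConfig.save()  # persist the configuration before the restart in step 14
    return len(commands)
```

Prompt for the bind password at run time (raw_input in wsadmin) rather than committing it in the script, and run Test Connection from the console afterwards as in step 8.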

Results

You completed the WebSphere Application Server security domain configuration. You can now install Identity Manager.