Configuring a file adapter

The file adapter is configured using the WebSphere Application Server administrative console or the wsadmin commands. See the WebSphere Application Server administrative console documentation.

About this task

File adapter configuration information is defined in wimconfig.xml. During virtual member manager initialization, the RepositoryManager calls the FileAdapter.initialize() method and passes the Repository DataObject. The file adapter is configured as the default user registry in virtual member manager.
Parameter name Definition Possible values Default value
id The unique repository ID defined in the virtual member manager instance.    
baseDirectory The base directory where the files are to be created. This directory must already exist.  

Global level: profile_root/config/cells/$CellName

Domain level: profile_root/config/waspolicies/$PolicyName/securitydomains/$DomainName

Note: fileRegistry.xml is copied for a new domain only if the source domain contains this file.
       
caseSensitive Specifies whether the file adapter is case sensitive. true or false false
saltLength The salt length of the randomly generated salt for password hashing  

[9.0.5.1 or later]The value is 32.

Before V8.5.5.17 and V9.0.5.1, the value was 12.
messageDigestAlgorithm The messageDigestAlgorithm used for hashing the password.  

[9.0.5.1 or later]The value is PBKDF2WithHmacSHA1.

Before V8.5.5.17 and V9.0.5.1, the value was SHA-1.

[9.0.5.1 or later]keyLength

 The to-be-derived key length for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1.   32

[9.0.5.1 or later]hashIterations

 The number of iterations to perform for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1.   100000
fileName The file name for the repository.   fileRegistry.xml

[9.0.5.12 or later]accountLockoutThreshold

 Specifies the number of unsuccessful attempts that a user is allowed before the account is locked. To disable account lockout, set the account lockout threshold to 0. Integer, 0 or greater 5

[9.0.5.12 or later]accountLockoutDuration

 Specifies the duration of time in minutes that the account is locked when the number of unsuccessful login attempts exceeds the accountLockoutThreshold value. The value for this attribute must be greater than zero if the accountLockoutThreshold attribute is set. Integer greater than 0 15

[9.0.5.12 or later]ignoreFailedLoginAfter

 Specifies the duration of time in minutes that a single unsuccessful login attempt counts toward the account lockout threshold. All failed login attempts for the user account are also cleared after a successful login or after a password update. If the accountLockoutThreshold attribute is set, the value for this attribute must be greater than 0. Integer greater than 0 15

The following code sample is an example of a basic wimconfig.xml file that has been configured to use the file repository, InternalFileRepository. You can modify the appropriate values that are shown in italic.

<config:repositories xsi:type="config:FileRepositoryType" 
       adapterClassName="com.ibm.ws.wim.adapter.file.was.FileAdapter"
       id="InternalFileRepository" 
       messageDigestAlgorithm="SHA-1">
       <config:baseEntries name="o=defaultWIMFileBasedRealm"/>
</config:repositories>