WebSphere Application Server Security
Authentication is the act of proving a user's identity.
Authorization is the process of granting a user access or permission to perform certain tasks.
To perform authentication and authorization, WebSphere needs a ‘REGISTRY’.
WebSphere supports three kinds of registries:
- Operating System: the user and group registry used by the host operating system.
- LDAP: a registry that supports the Lightweight Directory Access Protocol.
- Custom: a user-provided class is used to implement the registry API.
Custom registry: create a registry file in the appropriate location. Ex: c:\fileregistry\
- For users create: usersfile.registry
- For groups create: groupfile.registry
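Before pointing the server at these two files, it helps to check them for weak and inconsistent entries. The following is an added example, not part of the original tutorial or of WebSphere itself; it assumes the colon-separated layout of IBM's file registry sample (the page does not show the file format), and the function names and sample entries are constructed for illustration.

```python
# Assumed layouts (not shown on the page):
#   users : name:passwd:uid:gids:display name   (gids comma-separated)
#   groups: name:gid:users:display name         (users comma-separated)

def parse(text, nfields):
    """Split non-blank, non-comment lines into at most nfields fields."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append([f.strip() for f in line.split(":", nfields - 1)])
    return rows

def audit(users_text, groups_text, min_len=8):
    """Return a sorted list of findings for the two registry files."""
    findings, users, groups, uids = [], {}, {}, {}
    for row in parse(groups_text, 4):
        if len(row) < 3:
            findings.append(f"groups file: malformed entry {row[0]!r}")
            continue
        groups[row[1]] = (row[0], [m for m in row[2].split(",") if m])
    for row in parse(users_text, 5):
        if len(row) < 4:
            findings.append(f"users file: malformed entry {row[0]!r}")
            continue
        name, passwd, uid, gids = row[:4]
        users[name] = [g for g in gids.split(",") if g]
        if passwd.lower() == name.lower():
            findings.append(f"{name}: password equals user name")
        elif len(passwd) < min_len:
            findings.append(f"{name}: password shorter than {min_len} characters")
        if uid in uids:
            findings.append(f"{name}: uid {uid} already used by {uids[uid]}")
        uids.setdefault(uid, name)
        findings += [f"{name}: unknown gid {g}" for g in users[name] if g not in groups]
    for gname, members in groups.values():
        findings += [f"group {gname}: member {m} not in users file"
                     for m in members if m not in users]
    return sorted(findings)

# Constructed sample data, not taken from a real server.
USERS = """admin:admin:100:500:Administrator
bob:S3cure-Passphrase!:101:500,501:Bob
carol:carolpw:101:502:Carol"""
GROUPS = """admins:500:admin,bob:Administrators
operators:501:bob,dave:Operators"""

if __name__ == "__main__":
    print("\n".join(audit(USERS, GROUPS)))
```

Because this layout keeps passwords in clear text, the registry directory should be readable only by the account that runs the server.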
To configure WebSphere security on your WAS, you have to perform 3 tasks.
- Configure user registry
- Configure LTPA [Lightweight Third-Party Authentication]
- Enable security.
Note: LTPA works like a token that passes between the browser request and the application server. It provides an identity to the remote server, showing that a particular request is coming from a particular user.
The following are screenshots from the base edition.
Security -> Global security ->
In the user registries select custom registries; give the user id and password.
Here I have given admin/admin
Now click on custom properties, and give the location of the users.registry file, click apply and ok.
Similarly add groups.registry.
To configure the LTPA authentication mechanism, go to console security -> global security -> Authentication Mechanism ->
Here I have given administrator as the password.
You should apply and save the changes.
Now you are ready to enable the global security.
After saving it will lead to the console as follows:
Select to enable global security, uncheck Java 2 security.
In the active protocol list there are two options:
- CSI
- CSI and SAS
In the active protocol list select CSI (Common Secure Interoperability protocol).
If you need backward compatibility with the other versions of WAS, select CSI and SAS.
For active authentication mechanism, select LTPA.
For active user registry, select custom user registry and click apply.
Click Apply, then OK.
It’s OK if you received warnings.
Stop the server.
Then log in again.
On the address bar, you will observe that you were redirected to a secured Http: environment:
To create a group of administrators who should log in:
Go to System Administration -> console -> console groups and add