FreeKB - How to authenticate against an operating system, LDAP, or federated repository in WebSphere
How to authenticate against an operating system, LDAP, or federated repository in WebSphere
Home > Search > How-to
  by

In the left panel of the WebSphere web console, expand Security and select Global security. Ensure administrative security is enabled.

By default, the repository will be set to Local operating system.

 

A repository is the type of system that will be used to store and retrieve user account information (username, password, et cetera). There are 4 types of repositories that can be used.

  • Local operating system - get user accounts from the operating system
  • Federated repository - this is a sort of wrapper that get user accounts from other systems, such as LDAP or a file on the server. This may be preferred over LDAP repository, because a federated repository includes the ability to authenticate against LDAP, as well as other systems, so there is an alternate authentication resource if authentication against LDAP fails.
  • LDAP repository - get user accounts from an LDAP server
  • Custom repository

 

Federated repository

  1. In the left panel of the WebSphere web console, expand Security and select Global Security.
  2. Select Security Configuration Wizard.
  3. At Step 1, select Enable application security and select Next.
  4. At Step 2, select Federated repository and select Next.
  5. At Step 3, enter a username and password for the primary administrative user and select Next.
  6. At Step 4, select Finish.
  7. Select Save.

The repository will now be set to Federated repositories. Restart the Deployment Manager for the change to take effect.

 

The web console sign in screen should now have fields for both the username and password.

 

LDAP

  1. In the left panel of the WebSphere web console, expand Security and select Global Security.
  2. Select Security Configuration Wizard.
  3. At Step 1, select Enable application security and select Next.
  4. At Step 2, select Standalone LDAP registry and select Next.
  5. At Step 3, complete the form to use an LDAP server for authentication.
  6. At Step 4, select Finish.
  7. Select Save.

The repository will now be set to Standalone LDAP registry. Restart the Deployment Manager for the change to take effect.

 

The web console sign in screen should now have fields for both the username and password.

 

The global security settings are stored in the security.xml file which is located at /opt/IBM/WebSphere/server_name/profiles/profile_name/cells/cell_name/.

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments

June 7th, 2018 by Addy
Thank you Jeremy for such post. I'm new to Websphere and I was unable to enable Enable Administrative Security in Websphere.. was getting error on UI-SECJ7716E Primary administrative user Id does not exist in the registry. This post helped me get going with ldap configuration.

June 8th, 2018 by Jeremy (moderator)
Hi Addy. I am very happy to know that this article was helpful, and I am also excited to know that you were able to configure WebSphere to authenticate against an LDAP repository. Great work!

FreeKB   |   2019   |   support@freekb.net