How to authenticate against an operating system, LDAP, or federated repository in WebSphere


In the left panel of the WebSphere web console, expand Security and select Global security. Administrative security is enabled by default during the installation of WebSphere.

 

If "Enable administrative security" is not checked, the WebSphere web console sign-in page only prompts for a username, and you can sign in simply by pressing Log in without entering one. Administrative security must be enabled in order to require users to provide a username and/or password to access the WebSphere web console. Administrative security also provides other security functions, such as encryption and authorization.

If you change the administrative security setting, you must restart the application server or deployment manager (dmgr) for the change to take effect.

 

By default, the repository will be set to Local operating system.

 

A repository is the type of system that will be used to store and retrieve user account information (username, password, et cetera). There are 4 types of repositories that can be used.

  • Local operating system - get user accounts from the operating system
  • Federated repository - a wrapper that gets user accounts from other systems, such as LDAP or a file on the server. This may be preferred over an LDAP repository because a federated repository can authenticate against LDAP as well as other systems, so there is an alternate authentication resource if authentication against LDAP fails.
  • LDAP repository - get user accounts from an LDAP server
  • Custom repository

 


Federated repository

  1. In the left panel of the WebSphere web console, expand Security and select Global Security.
  2. Select Security Configuration Wizard.
  3. At Step 1, select Enable application security and select Next.
  4. At Step 2, select Federated repository and select Next.
  5. At Step 3, enter a username and password for the primary administrative user and select Next.
  6. At Step 4, select Finish.
  7. Select Save.

The repository will now be set to Federated repositories. Restart the Deployment Manager for the change to take effect.

 

The web console sign in screen should now have fields for both the username and password.

 


LDAP

  1. In the left panel of the WebSphere web console, expand Security and select Global Security.
  2. Select Security Configuration Wizard.
  3. At Step 1, select Enable application security and select Next.
  4. At Step 2, select Standalone LDAP registry and select Next.
  5. At Step 3, complete the form to use an LDAP server for authentication.
  6. At Step 4, select Finish.
  7. Select Save.

The repository will now be set to Standalone LDAP registry. Restart the Deployment Manager for the change to take effect.

 

The web console sign in screen should now have fields for both the username and password.

 

The global security settings are stored in the security.xml file which is located at /opt/IBM/WebSphere/server_name/profiles/profile_name/cells/cell_name/.
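
To confirm from the file itself what the console shows, the following added example (not part of the original article and not IBM code) parses security.xml and reports whether administrative security is enabled and which repository is active. The sample XML is constructed and trimmed; the attribute names enabled, appEnabled and activeUserRegistry and the userRegistries type names are assumptions based on the usual layout of this file, so check them against your own copy.

```python
import xml.etree.ElementTree as ET

XMI_NS = "http://www.omg.org/XMI"

# Constructed sample, trimmed to the attributes this check reads (assumed layout).
SAMPLE_SECURITY_XML = """<?xml version="1.0" encoding="UTF-8"?>
<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
    xmi:id="Security_1" enabled="true" appEnabled="false"
    activeUserRegistry="LDAPUserRegistry_1">
  <userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry"/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"/>
  <userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1"/>
</security:Security>
"""

# Map the registry element type to the repository name used in the web console.
REGISTRY_LABELS = {
    "LocalOSUserRegistry": "Local operating system",
    "WIMUserRegistry": "Federated repositories",
    "LDAPUserRegistry": "Standalone LDAP registry",
    "CustomUserRegistry": "Custom repository",
}

def audit_security_xml(xml_text):
    """Return the security state recorded in a security.xml document."""
    root = ET.fromstring(xml_text)
    active_id = root.get("activeUserRegistry")
    registry = "unknown"
    for reg in root.iter("userRegistries"):
        # xmi:id and xmi:type are namespaced attributes in ElementTree.
        if reg.get(f"{{{XMI_NS}}}id") == active_id:
            xmi_type = reg.get(f"{{{XMI_NS}}}type", "")
            registry = REGISTRY_LABELS.get(xmi_type.split(":")[-1], xmi_type)
    admin = root.get("enabled") == "true"
    findings = []
    if not admin:
        findings.append("administrative security is disabled: "
                        "the web console does not require a password")
    return {
        "admin_security": admin,
        "app_security": root.get("appEnabled") == "true",
        "active_registry": registry,
        "findings": findings,
    }

if __name__ == "__main__":
    # Replace the sample with the contents of your cell's security.xml.
    print(audit_security_xml(SAMPLE_SECURITY_XML))
```

Because a change only takes effect after a restart, the file shows the saved configuration, which may differ from what the running server enforces until it is restarted.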



Comments


June 7th, 2018 by Addy
Thank you Jeremy for such a post. I'm new to WebSphere and I was unable to enable Enable Administrative Security in WebSphere. I was getting an error on the UI - SECJ7716E Primary administrative user Id does not exist in the registry. This post helped me get going with the LDAP configuration.


June 8th, 2018 by Jeremy (moderator)
Hi Addy. I am very happy to know that this article was helpful, and I am also excited to know that you were able to configure WebSphere to authenticate against an LDAP repository. Great work!