IBM WebSphere - User Accounts Repository - configure a federated repository

A federated repository is a system that contains a registry of users (eg. username, password, et cetera). This type of repository is called "federated" because the repository can be configured to get user accounts from multiple different systems:

  • LDAP
  • The fileRegistry.xml file on your WebSphere server
  • Operating System
  • SQL Database

Note that you cannot setup a SQL database repository using the WebSphere admin console. Instead, wsadmin must be used to setup a SQL database repository.


Security Configuration Wizard​

When using the WebSphere admin console, you can use the Security Configuration Wizard to create the Federated Repository, or you can manually configure the Federated Repository. Follow these steps to create the Federated Repository using the Security Configuration Wizard.

  1. In the WebSphere admin console, select Security Global Security.
  2. Select Security Configuration Wizard.
  3. At Step 1, you can optionally enable Application Security and Java 2 Security. If you enable these options, security constraints will be applied to the applications deployed to WebSphere. Select Next.
  4. Select Federated Repositories and select Next.
  5. Enter a username and password for the primary administrative user and select Next
  6. Select Finish.
  7. Select Save.

Now, in the User account repository section of the Global Security page, Federated repositories will be selected. The deployment manager will need to be restarted for this change to take effect, so that you can authenticate against the Federated Repository.


When setting up the Federated Repository using the Security Configuration Wizard, the Federated Repository will be configured to obtain user accounts from the ${was_install_root}/profiles/your_profile/config/cells/your_cell/fileRegistry.xml file on the WebSphere server. Selecting the Federated Repository will show "defaultWIMFileBasedRealm" and "InternalFileRepository".


Manually configure the Federated Repository

To manually configure a Federated Repository, at Security Global Security, select Configure.


Give the Federeted Repository a realm name, and a username for the primary administrative user account.


Add one or more repositories. In this example, the repository that is a file on the server is added to the Federated Respository.


Using wsadmin

The following wsadmin command will display the current type of repository being used.

wsadmin> AdminTask.listIdMgrRepositories()
'{InternalFileRepository={repositoryType=File, host=LocalHost}}'


If you would like, you can configure the federated repository to obtain credentials from other sources, such as from LDAP.

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 566ef in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |