When attempting to log into the WebSphere administrative console (ISC), or if a Java app deployed to WebSphere has an authentication page, the collection of valid usernames and passwords are obtained from the users registry. The image below illustrates a typical user registry configuration in WebSphere, where users are placed in a group, and the group is assigned a role. In this way, the users registry provides both authentication (users) and authorization (roles) capabilities.
WebSphere can be configured to obtain groups from the following sources.
In the left panel of the WebSphere web console, expand Users and Groups and select Manage Groups. If the below message is displayed, this suggests that WebSphere is configured to use the local Operating System or LDAP for authentication. When using the operating system or LDAP for authentication, the management of users and groups will be done using the operating system or LDAP.
If there is an option to Create, WebSphere is configured to use a federated repository for authentication. In this scenario, users and groups can be managed using the WebSphere web console. In this example, a group named Administrators is created.
At Manage groups, the groups that have been created will be displayed.
Add users to a group
- Select Users and Groups > Manage Groups.
- Select a group.
- Select the Members tab.
- Select Add Users.
- Add users to the group. Note that you can only add users that reside in the fileRegistry.xml file on the WebSphere server to the group.
- Select Close.
In this example, Jeremy Canfield is added to the Administrators group.