IBM BS029ML - WebSphere Portal Server Self Help Manual page 125

<interceptors xmi:id="TAInterceptor_2"
interceptorClassName="com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus"/>
</trustAssociation>
<singleSignon xmi:id="SingleSignon_1" requiresSSL="false" domainName="acme.com"
enabled="true"/>
<private xmi:id="Key_1174328477781"
byteArray="d7zRPA3tyjvF5+XsCyCDPHR4OaV4cIIrP0Y1xrhjpjwyEUJBrXSPrD3psTZL9r4e22JcFh1BYjM08FrF2TaCq
sxbBc6j442UklMqgiGxWt+OA6MtEzdZT2cR/1HR2efFved19BNFp4KgNYEvXOMXhbUtpIr4arXXgiJPCoTdds6FNojLeiUcA
DdVVsUOzZAu24c6yfE4mkyZEzgUPmpw4sHIuSA+g1zvx1cGP8VqSZuKuOLfBLQlKITqEIHyvzovEhi6Jdf7serNG/bKUINwa
zkCLqcD3vTTKynOQDD7sr99AjGJO9ZKJCjUTChs1K4PKMiw9AAiPlPkyelaJZIeLG/Ml5NH+Dk2zBu9h9eqkmw="/>
<public xmi:id="Key_1174328477782"
byteArray="ALKQhPAflWyZ6vtTrrwirLBD0KHelxK3T7V/lH5Ww0isL35ogUw3cThpSJ9eCH4BZcOwOazNjPsXGNJOyf1aV
BpmtqS2fTcif9I6Olh7FZPrqr3leFfli7io0CtEmIK6iq9+p0tTyw2yB+IWMmKeABK50yUr8xLylqx9Tyi01E3XAQAB"/>
<shared xmi:id="Key_1174328477783"
byteArray="eaV+DxdLHfpiCqWwCbE0edPLNvvFrUAZAYLN1eDakp0="/>
</authMechanisms>
The very first enabled attribute in the file indicates whether global security is enabled. In some cases, you can manually set it to false to temporarily disable security so that you can start the servers.

activeUserRegistry specifies which user registry is actually configured. It tells you whether security was enabled to support a WMM realm (with WMMUR) or not (LDAP only). The Custom User Registry entries that appear later in the example give the configuration details of WMMUR. Notice that the file locations in a cluster are different: they must point to the files under <wsas_profile_root>/config/wmm.

The trustAssociation stanza contains the definitions of all the Trust Association Interceptors. A TAI is loaded only when enabled is set to true.

The single sign-on (SSO) domain is required in most cases. As we have explained in 4.1.4, "Single sign-on (SSO)" on page 90, you can leave the domain blank, but this works only in the single-system case.

The LTPA key is given as a private, a public, and a shared key. Whenever you generate a new LTPA key, the three values in this file change. When multiple WebSphere application servers participate in a single sign-on domain, they should share the same LTPA key, and the three values shown in security.xml should be exactly the same.
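A consistency check for the settings described above, as an added example that is not from the manual or from IBM: it reads security.xml, reports the global security flag, the active registry type, the TAI and SSO settings, and compares LTPA key fingerprints across servers without printing the keys. The sample XML, its namespace URIs and key values, and the function names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample shaped like the page's fragments; URIs and byteArray values are placeholders.
SAMPLE = """<security:Security xmlns:xmi="urn:example:xmi" xmlns:security="urn:example:security"
    enabled="true" activeUserRegistry="CustomUserRegistry_1">
  <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1">
    <trustAssociation xmi:id="TrustAssociation_1" enabled="false"/>
    <singleSignon xmi:id="SingleSignon_1" requiresSSL="false" domainName="acme.com" enabled="true"/>
    <private xmi:id="Key_1" byteArray="UFJJVkFURQ=="/>
    <public xmi:id="Key_2" byteArray="UFVCTElD"/>
    <shared xmi:id="Key_3" byteArray="U0hBUkVE"/>
  </authMechanisms>
  <userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1"
      customRegistryClassName="com.ibm.websphere.wmm.registry.WMMUserRegistry"/>
</security:Security>"""

def _local(attrs, name):
    """Read an attribute by local name, ignoring any namespace prefix."""
    return next((v for k, v in attrs.items() if k.rsplit("}", 1)[-1] == name), None)

def summarize(xml_text):
    """Extract the settings the text walks through; keys are reported as hashes only."""
    root = ET.fromstring(xml_text)
    active = root.get("activeUserRegistry")
    reg = next((r for r in root.iter("userRegistries") if _local(r.attrib, "id") == active), None)
    sso, tai = root.find(".//singleSignon"), root.find(".//trustAssociation")
    keys = {}
    for name in ("private", "public", "shared"):
        el = root.find(".//" + name)
        blob = "".join(el.get("byteArray", "").split()) if el is not None else ""
        keys[name] = hashlib.sha256(blob.encode()).hexdigest() if blob else None
    return {
        "global_security": root.get("enabled") == "true",  # the first enabled in the file
        "wmm_realm": reg is not None and "WMMUserRegistry" in reg.get("customRegistryClassName", ""),
        "tai_enabled": tai is not None and tai.get("enabled") == "true",
        "sso_domain": sso.get("domainName", "") if sso is not None else "",
        "ltpa": keys,
    }

def ltpa_mismatches(configs):
    """Given {server_name: xml_text}, list the LTPA values that differ between servers."""
    prints = {srv: summarize(x)["ltpa"] for srv, x in configs.items()}
    return [k for k in ("private", "public", "shared")
            if len({p[k] for p in prints.values()}) > 1]

if __name__ == "__main__":
    rotated = SAMPLE.replace("U0hBUkVE", "Uk9UQVRFRA==")  # one node regenerated its key
    print(summarize(SAMPLE), ltpa_mismatches({"node1": SAMPLE, "node2": rotated}))
```

Whitespace inside byteArray is stripped before hashing, so values that differ only in line wrapping compare as equal.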
Example 4-4 Sample security.xml: the second segment
<userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry" serverId=""
serverPassword="{xor}" realm=""/>
<userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1"
serverId="uid=wasadmin,ou=people,ou=dept,o=acme.com" serverPassword="{xor}KD4sPjsyNjE="
ignoreCase="true" realm="corpldap.acme.com:389"
customRegistryClassName="com.ibm.websphere.wmm.registry.WMMUserRegistry">
<properties xmi:id="Property_1174328488359" name="WMMUR_LOGGING" value="true"
required="false"/>
<properties xmi:id="Property_1174328488906" name="WMMUR_CONFIG"
value="C:/IBM/WEBSPH~1/PORTAL~1/wmm/wmmur.xml" required="true"/>
<properties xmi:id="Property_1174328489234" name="WASUSER_REGISTRY_TYPE"
value="wmmFileRegistry" required="false"/>
<properties xmi:id="Property_1174328489672" name="wmmUserSecurityNameAttr" value="uid"
required="true"/>
Chapter 4. WebSphere Portal security