Configure a user registry in Liberty

We can store user and group information for authentication in several types of registries. We can configure user and group information for authentication in several types of registries.

• A basic user registry
• One or more LDAP registries (Operations are executed on all the configured registries.)
• SAF registry for z/OS systems
• A custom user registry

Note: Unlike traditional WebSphere Application Server, Liberty DOES NOT support Windows, AIX, Linux, or Windows local user registries.

Changing the user registry can affect both the server configuration and clients using the server. Before we change the user registry without restarting the server, consider the following points:

• If we change the user registry type or realm name, all web clients must clear their single sign-on tokens.

• If we change the user registry type or realm name, any values of accessId specified in the authorization bindings must be updated. The accessId takes the form of user:realmName/uniqueId or group:realmName/uniqueId. The realmName in the accessId must match the realmName for the configuration user registry.