Security configuration report

Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Set up, enabling and migrating security > Enable security

Security configuration report

Overview

The security configuration report gathers and displays the current security settings of the application server. Information is gathered about core security settings, administrative users and groups, CORBA naming roles, and cookie protection. When multiple security domains are configured, each security domain has it's own report with a subset of the sections shown in the global security report that apply to the domain.
New feature: The security configuration report now includes information about...

session security
web Attributes
HttpOnly setting

To run, go to, from the admin console, go to...
Security | Global Security | Security Configuration Report

The columns

Console Name Name of the security attribute as found in the admin console. If the value in this column is on a row highlighted in blue, and is the only entry on the row, then it is the start of a new section.
Security Configuration Name Security attribute as found in the configuration file.
Value Value of the security attribute.
Console Path Name Path where the attribute is found on the console.

The sections

Security Settings Information about the top-level security attributes. These attributes set the default for administrative security for the server, such as whether security is enabled, the default user registry, or if Java security is enabled.
Authentication Mechanisms and expirations Attributes associated with each authentication mechanisms and trust associations as defined in the configuration.
User Registry Attributes for the default user registry for the server.
Authorization configuration Attributes configured for an external JACC provider.
Application login configuration Application JAAS login entries and their login modules attributes.
CSI Attributes that define the inbound and outbound information for the Common Secure Interoperability (CSI) protocol.
SSL configuration repertoires Attributes that make up the SSL configuration used by the server. There can be multiple SSL configurations defined, and information about each is displayed. This object is often referenced by an SSL configuration group object used to associate it with an inbound or an outbound connection.
Key stores Keystore attributes for each keystore in the configuration. Keystore objects in the configuration are often referenced by an SSL configuration object in the configuration.
Trust managers Attributes that make up trust managers that can be used by the server. Trust manager objects in the configuration are typically referenced by an SSL configuration object.
Key managers Attributes that make up the key managers that are used by the server. Key manager objects in the configuration are typically referenced by an SSL configuration object.
SSL configuration group Attributes that make up an SSL configuration that are used for an outbound or an inbound connection.
Management scope Attributes that make up a management scope. The SSL configuration-related objects in the security configuration are defined within a management scope to reference the management scope object.
Key set groups Attributes that make up a group of key sets, which are used to manage public, private and shared keys.
Key set Attributes that make up the key set, which is used to manage public, private, and shared keys.
Schedules Attributes that make up the scheduled process in the security configuration.
Notifications Attributes that make up notification objects in the security configuration.
Manage certificate expiration Attributes that define how startCertificateExpMonitor is run on the server.
System login configuration Attributes that define the System login entries and their login modules.
Custom properties Custom properties defined in the security configuration.
Web Authentication Properties used to define web authentication used by the server.
Administrative Users and Groups Attributes that define roles and the users and groups associated with them as found in the admin-authz.xml file. The column titled Administrative Role Name contains the name of the administrative role. A column titled Administrative Role Value contains the user ID associated with the role (if one exists).
Corba Naming Console Names CORBA naming roles and the users that are assigned to the roles.
Console Name for Certificate Management Certificate in keystore that are defined in the security configuration. There is also information about the certificates location and their validity period.
Cookie Protection Attributes that pertain to HTTP Cookies. This section differs from other sections since information is gathered from different configuration files. The HttpOnly custom property, the web authentication com.ibm.wsspi.security.web.webAuthReq property, and the session security setting on each server are displayed on the report.
Java Authorization SPI Configuration Attributes that are defined for the Java Authorization SPI (JASPI) configuration. If there is a JASPI configuration object in the security configuration, information is included concerning whether JASPI is enabled, the name of the default JASPI provider, and a list of defined providers and their authentication modules.
If JASPI has not been configured, this section is not shown in the security configuration report.
Management scope configurations
Custom properties
Enable security
Global security settings
Personal certificates collection
Trust managers collection
Key managers collection
Key set groups collection
Key sets collection
Web authentication settings
Administrative roles
Administrative group roles and CORBA naming service groups
JaspiManagement command group

+
Search Tips | Advanced Search

Console Name	Name of the security attribute as found in the admin console. If the value in this column is on a row highlighted in blue, and is the only entry on the row, then it is the start of a new section.
Security Configuration Name	Security attribute as found in the configuration file.
Value	Value of the security attribute.
Console Path Name	Path where the attribute is found on the console.

Security Settings	Information about the top-level security attributes. These attributes set the default for administrative security for the server, such as whether security is enabled, the default user registry, or if Java security is enabled.
Authentication Mechanisms and expirations	Attributes associated with each authentication mechanisms and trust associations as defined in the configuration.
User Registry	Attributes for the default user registry for the server.
Authorization configuration	Attributes configured for an external JACC provider.
Application login configuration	Application JAAS login entries and their login modules attributes.
CSI	Attributes that define the inbound and outbound information for the Common Secure Interoperability (CSI) protocol.
SSL configuration repertoires	Attributes that make up the SSL configuration used by the server. There can be multiple SSL configurations defined, and information about each is displayed. This object is often referenced by an SSL configuration group object used to associate it with an inbound or an outbound connection.
Key stores	Keystore attributes for each keystore in the configuration. Keystore objects in the configuration are often referenced by an SSL configuration object in the configuration.
Trust managers	Attributes that make up trust managers that can be used by the server. Trust manager objects in the configuration are typically referenced by an SSL configuration object.
Key managers	Attributes that make up the key managers that are used by the server. Key manager objects in the configuration are typically referenced by an SSL configuration object.
SSL configuration group	Attributes that make up an SSL configuration that are used for an outbound or an inbound connection.
Management scope	Attributes that make up a management scope. The SSL configuration-related objects in the security configuration are defined within a management scope to reference the management scope object.
Key set groups	Attributes that make up a group of key sets, which are used to manage public, private and shared keys.
Key set	Attributes that make up the key set, which is used to manage public, private, and shared keys.
Schedules	Attributes that make up the scheduled process in the security configuration.
Notifications	Attributes that make up notification objects in the security configuration.
Manage certificate expiration	Attributes that define how startCertificateExpMonitor is run on the server.
System login configuration	Attributes that define the System login entries and their login modules.
Custom properties	Custom properties defined in the security configuration.
Web Authentication	Properties used to define web authentication used by the server.
Administrative Users and Groups	Attributes that define roles and the users and groups associated with them as found in the admin-authz.xml file. The column titled Administrative Role Name contains the name of the administrative role. A column titled Administrative Role Value contains the user ID associated with the role (if one exists).
Corba Naming Console Names	CORBA naming roles and the users that are assigned to the roles.
Console Name for Certificate Management	Certificate in keystore that are defined in the security configuration. There is also information about the certificates location and their validity period.
Cookie Protection	Attributes that pertain to HTTP Cookies. This section differs from other sections since information is gathered from different configuration files. The HttpOnly custom property, the web authentication com.ibm.wsspi.security.web.webAuthReq property, and the session security setting on each server are displayed on the report.
Java Authorization SPI Configuration	Attributes that are defined for the Java Authorization SPI (JASPI) configuration. If there is a JASPI configuration object in the security configuration, information is included concerning whether JASPI is enabled, the name of the default JASPI provider, and a list of defined providers and their authentication modules. If JASPI has not been configured, this section is not shown in the security configuration report.