Network Deployment (Distributed operating systems), v8.0 > Reference > Sets


Realm configuration settings

The realm can consist of identities in...

To view this administrative console page...

  1. In the administrative console, click...

      Security | Security domains | User realm | Customize for this domain | Realm type | Federated repositories | Configure

When you finish adding or updating your federated repository, to validate changes...

The file-based repository is included in the realm by default.

To configure LDAP repositories to store identities in the realm, click Add base entry to realm and specify a repository configuration and base entry. You can configure multiple base entries into the same repository. Click Remove to remove selected repositories from the realm; repository configurations and contents are not destroyed. The realm must always contain at least one base entry; therefore, you cannot remove every entry. If you plan to remove the built-in, file-based repository from the administrative realm, first verify that at least one user in another member repository is a console user with administrative rights. Otherwise, you must disable security to regain access to the administrative console.

WAS Version 7.0 distinguishes between the user identities for administrators who manage the environment and the server identities used to authenticate server-to-server communications. In most cases, server identities are automatically generated and are not stored in a repository. However, if you are adding a previous version node to the latest version cell and the previous version node used a server identity and password, ensure that the server identity and password for the previous version are defined in the repository for this cell. Enter the server user identity and password on this panel.


Realm settings

Realm name: Name of the realm. You can change the realm name.
Primary administrative user name: Name of the user with administrative privileges that is defined in the repository, for example, wasadmin. Used to log on to the administrative console when administrative security is enabled. v6.1 requires an administrative user that is distinct from the server user identity so that administrative actions can be audited. In WAS v6.0.x, a single user identity is required for both administrative access and internal process communication. When migrating to v6.1, this identity is used as the server user identity. You need to specify another user for the administrative user identity.
Automatically generated server identity: Enables the application server to generate the server identity. Recommended for environments that contain only v6.1 or later nodes. Automatically generated server identities are not stored in a user repository. Default: Enabled
Server identity stored in the repository: User identity in the repository used for internal process communication. Cells that contain v6.1 or later nodes require a server user identity that is defined in the active user repository. Default: Enabled
Server user ID or administrative user on a V6.0.x node: User ID used to run the application server for security purposes.
Password: Password that corresponds to the server ID.
Ignore case for authorization: Specifies that a case-insensitive authorization check is performed. If case sensitivity is not a consideration for authorization, enable the Ignore case for authorization option.
Allow operations if some of the repositories are down: Specifies whether operations (such as login, search, or get) are allowed even if the repositories in the realm are down.
Use global schema for model: Sets the global schema option for the data model in a multiple security domain environment. Global schema refers to the schema of the admin domain. Application domains that are set to use global schema share the same schema of the admin domain. If you extend the schema for an application in one domain, also consider how that might affect applications of other domains, as they are bound by the same schema. For example, adding a mandatory property for one application might cause other applications to fail.
Base entry: Base entry within the realm. This entry and its descendants are part of the realm.
Repository identifier: Unique identifier for the repository. This identifier uniquely identifies the repository within the cell.
Repository type: Repository type, such as File or LDAP.
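
The removal rule described in the introduction and the Base entry setting combine into a check you can run before clicking Remove. The following is an added example, not IBM code: the helper names, the sample DNs, and the case-insensitive DN comparison are assumptions, and the list of administrative users would come from your own role mappings.

```python
# Added example: will any administrative user still resolve after base entries are removed?

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs, honouring escaped commas."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    pairs = []
    for part in parts:
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def is_under(dn, base):
    """True when dn is the base entry itself or one of its descendants."""
    d, b = parse_dn(dn), parse_dn(base)
    # Compare whole RDN components, so "co=example" is never taken for "o=example".
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def check_removal(base_entries, admin_dns, to_remove):
    """Return (ok, reason, surviving_admins) for removing base entries from the realm."""
    gone = [parse_dn(r) for r in to_remove]
    remaining = [b for b in base_entries if parse_dn(b) not in gone]
    if not remaining:
        return False, "realm must keep at least one base entry", []
    survivors = [a for a in admin_dns if any(is_under(a, b) for b in remaining)]
    if not survivors:
        return False, "no administrative user left in the remaining base entries", []
    return True, "ok", survivors


# Constructed sample data: a file-based base entry plus one LDAP base entry.
REALM = ["o=defaultWIMFileBasedRealm", "dc=example,dc=com"]
FILE_ONLY_ADMINS = ["uid=wasadmin,o=defaultWIMFileBasedRealm"]
MIXED_ADMINS = FILE_ONLY_ADMINS + ["cn=Ops\\, Admin,ou=people,DC=Example,DC=com"]

if __name__ == "__main__":
    for admins in (FILE_ONLY_ADMINS, MIXED_ADMINS):
        print(check_removal(REALM, admins, ["o=defaultWIMFileBasedRealm"]))
```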

Manage realms in a federated repository


Related


LDAP repository configuration settings
