Configure inbound trusted realms for multiple security domains
We can configure which realms to grant inbound trust to for multiple security domains. The trust relationship between realms is used when communicating with Lightweight Third-Party Authentication (LTPA) tokens. Once a LTPA token is decrypted by the receiving server, the realm in the token is checked to see if it is trusted. If it is not, the validation of the token fails. A realm represents a user registry in WebSphere Application Server. Only users assigned to the administrator role can configure multiple security domains. Enable global security in the environment before configuring multiple security domains.
To configure inbound trusted realms for multiple security domains...Security > Security domains > domain > Security Attributes > User realm > Customize for this domain > Related Items > Trusted authentication realms - inbound > [Trust all realms (including those external to this cell) | Trust realms]
If Kerberos authentication is enabled, and we have cross realms or trusted realms, add the Kerberos trusted realm by selecting Trust realms.
Click Apply and then Save.
What to do next
The realms we selected to trust accept messages from other trusted realms but do not accept messages from untrusted realms. Select "Add External Realm" to add trust for realms that are external to this cell.
Related:
Multiple security domains Copy multiple security domains Create new multiple security domains Configure multiple security domains Deleting multiple security domains Configure security domains using scripting Configure multiple security domains using scripting Remove security domains using scripting Mapping resources to security domains using scripting Administrative roles