Federated repository default file based implementation

When you install WebSphere Portal, application security is enabled by default and is configured to use the Federated Repository. You can see this by logging in to the WebSphere Application Server admin console and going to Security -> Secure administration, applications, and infrastructure.

Now click the Configure button next to Federated Repository. It takes you to the Federated Repositories configuration screen. On this screen you will notice that there is one repository in the "Repositories in the realm" list, which is the file-based repository. That means the users are stored in the file-based repository.

If you want, you can take a look at how the configuration is actually stored.

  1. The file-based repository information is stored in the wp_profile/config/cells/DefaultNode/fileRegistry.xml file. This is what it looks like by default:

    <?xml version="1.0" encoding="UTF-8"?>
    <sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
    <wim:Root>
    <wim:entities xsi:type="wim:PersonAccount">
    <wim:identifier externalId="c233f13f-663d-4292-baf0-989e2ef805a4" externalName="uid=wasadmin,o=defaultWIMFileBasedRealm"
    uniqueId="c233f13f-663d-4292-baf0-989e2ef805a4" uniqueName="uid=wasadmin,o=defaultWIMFileBasedRealm"/>
    <wim:parent>
    <wim:identifier uniqueName="o=defaultWIMFileBasedRealm"/>
    </wim:parent>
    <wim:createTimestamp>2008-11-15T19:23:49.811Z</wim:createTimestamp>
    <wim:modifyTimestamp>2009-04-04T10:43:02.788-07:00</wim:modifyTimestamp>
    <wim:password>U0hBLTE6NWtqbHV1b3hjY2FwOmtzLzVMSHFQUkpCQ1R4ZGlIak8yRDRBdUlkYz0K</wim:password>
    <wim:uid>wasadmin</wim:uid>
    <wim:cn>wasadmin</wim:cn>
    <wim:sn>wasadmin</wim:sn>
    </wim:entities>
    <wim:entities xsi:type="wim:Group">
    <wim:identifier externalId="db0469c8-487a-4610-83de-c063f4652389" externalName="cn=wpsadmins,o=defaultWIMFileBasedRealm"
    uniqueId="db0469c8-487a-4610-83de-c063f4652389" uniqueName="cn=wpsadmins,o=defaultWIMFileBasedRealm"/>
    <wim:parent>
    <wim:identifier uniqueName="o=defaultWIMFileBasedRealm"/>
    </wim:parent>
    <wim:createTimestamp>2008-11-15T19:25:08.265Z</wim:createTimestamp>
    <wim:cn>wpsadmins</wim:cn>
    <wim:members>
    <wim:identifier uniqueName="uid=wasadmin,o=defaultWIMFileBasedRealm"/>
    </wim:members>
    </wim:entities>
    </wim:Root>
    </sdo:datagraph>

    My repository has only one user, uid=wasadmin,o=defaultWIMFileBasedRealm, because there is only one entry under the <wim:entities xsi:type="wim:PersonAccount"> element. There is also only one entry under the <wim:entities xsi:type="wim:Group">
    element, for the cn=wpsadmins,o=defaultWIMFileBasedRealm group. If you sign up additional users, those entries are created in this file.
    The password of the user is stored in the fileRegistry and it uses the SHA-1 algorithm. It is a hash that is valid for 1 day only.

  2. wimconfig.xml is another important file; it is stored in the wp_profile/config/cells/DefaultNode/wim/config directory. It holds global information about the federated repository, such as the algorithm for password encryption and which user repositories are part of the federated repository. By default it looks like this:

    <sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:config="http://www.ibm.com/websphere/wim/config" xmlns:sdo="commonj.sdo">
    <config:configurationProvider maxPagingResults="500" maxSearchResults="4500" maxTotalPagingResults="1000"
    pagedCacheTimeOut="900" pagingEntityObject="true" searchTimeOut="600000">
    <config:dynamicModel xsdFileName="wimdatagraph.xsd"/>
    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="Group">
    <config:rdnProperties>cn</config:rdnProperties>
    </config:supportedEntityTypes>
    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="OrgContainer">
    <config:rdnProperties>o</config:rdnProperties>
    <config:rdnProperties>ou</config:rdnProperties>
    <config:rdnProperties>dc</config:rdnProperties>
    <config:rdnProperties>cn</config:rdnProperties>
    </config:supportedEntityTypes>
    <config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="PersonAccount">
    <config:rdnProperties>uid</config:rdnProperties>
    </config:supportedEntityTypes>
    <config:repositories xsi:type="config:FileRepositoryType" adapterClassName="com.ibm.ws.wim.adapter.file.was.FileAdapter"
    id="InternalFileRepository" supportPaging="false" messageDigestAlgorithm="SHA-1">
    <config:baseEntries name="o=defaultWIMFileBasedRealm"/>
    </config:repositories>
    <config:realmConfiguration defaultRealm="defaultWIMFileBasedRealm">
    <config:realms delimiter="/" name="defaultWIMFileBasedRealm" securityUse="active">
    <config:participatingBaseEntries name="o=defaultWIMFileBasedRealm"/>
    <config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
    <config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
    <config:userDisplayNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
    <config:uniqueGroupIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
    <config:groupSecurityNameMapping propertyForInput="cn" propertyForOutput="cn"/>
    <config:groupDisplayNameMapping propertyForInput="cn" propertyForOutput="cn"/>
    </config:realms>
    </config:realmConfiguration>
    <config:pluginManagerConfiguration>
    <config:topicSubscriberList>
    <config:topicSubscriber topicSubscriberName="DefaultDAViewProcessor" topicSubscriberType="ModificationSubscriber">
    <config:className>com.ibm.ws.wim.plugins.orgview.impl.DefaultDAViewProcessorImpl</config:className>
    </config:topicSubscriber>
    </config:topicSubscriberList>
    <config:topicRegistrationList>
    <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.create">
    <config:preExit>
    <config:notificationSubscriberList/>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:preExit>
    <config:inlineExit inlineExitName="createInViewExplicit">
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:inlineExit>
    <config:postExit>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    <config:notificationSubscriberList/>
    </config:postExit>
    </config:topicEmitter>
    <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.delete">
    <config:preExit>
    <config:notificationSubscriberList/>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:preExit>
    <config:inlineExit inlineExitName="deleteInViewExplicit">
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:inlineExit>
    <config:postExit>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    <config:notificationSubscriberList/>
    </config:postExit>
    </config:topicEmitter>
    <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.update">
    <config:preExit>
    <config:notificationSubscriberList/>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:preExit>
    <config:postExit>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    <config:notificationSubscriberList/>
    </config:postExit>
    </config:topicEmitter>
    <config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.get">
    <config:preExit>
    <config:notificationSubscriberList/>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:preExit>
    <config:inlineExit inlineExitName="getInViewExplicit">
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:inlineExit>
    <config:postExit>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    <config:notificationSubscriberList/>
    </config:postExit>
    </config:topicEmitter>
    <config:topicEmitter topicEmitterName="com.ibm.ws.wim.authz.ProfileSecurityManager">
    <config:preExit>
    <config:notificationSubscriberList/>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:preExit>
    <config:inlineExit inlineExitName="getInViewExplicit">
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    </config:inlineExit>
    <config:postExit>
    <config:modificationSubscriberList>
    <config:modificationSubscriber>
    <config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
    <config:realmList>All</config:realmList>
    </config:modificationSubscriber>
    </config:modificationSubscriberList>
    <config:notificationSubscriberList/>
    </config:postExit>
    </config:topicEmitter>
    </config:topicRegistrationList>
    </config:pluginManagerConfiguration>
    <config:authorization
    isSecurityEnabled="true" useSystemJACCProvider="false" importPolicyFromFile="true"
    isAttributeGroupingEnabled="true" defaultAttributeGroup="default"
    jaccPolicyClass="com.ibm.sec.authz.provider.CommonAuthzPolicy"
    jaccRoleMappingClass="com.ibm.sec.authz.provider.CommonAuthzRoleMapping"
    jaccPolicyConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzPolicyConfigurationFactory"
    jaccRoleMappingConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzRoleMappingConfigurationFactory"
    jaccRoleToPermissionPolicyId="WIM Policy"
    jaccPrincipalToRolePolicyId="WIM Policy"
    jaccRoleToPermissionPolicyFileName="wim-policy.xml"
    jaccPrincipalToRolePolicyFileName="wim-rolemapping.xml">
    <config:attributeGroups>
    <config:groupName>general</config:groupName>
    <config:attributeNames>cn</config:attributeNames>
    <config:attributeNames>sn</config:attributeNames>
    <config:attributeNames>uid</config:attributeNames>
    </config:attributeGroups>
    <config:attributeGroups>
    <config:groupName>sensitive</config:groupName>
    <config:attributeNames>password</config:attributeNames>
    </config:attributeGroups>
    <config:attributeGroups>
    <config:groupName>unchecked</config:groupName>
    <config:attributeNames>identifier</config:attributeNames>
    <config:attributeNames>createTimestamp</config:attributeNames>
    <config:attributeNames>modifyTimestamp</config:attributeNames>
    <config:attributeNames>entitlementInfo</config:attributeNames>
    </config:attributeGroups>
    </config:authorization>
    </config:configurationProvider>
    </sdo:datagraph>
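Base64-decoding the `wim:password` value in the fileRegistry.xml listing above gives a string laid out as `SHA-1:<salt>:<base64 digest>`, and the same algorithm name appears as `messageDigestAlgorithm` in wimconfig.xml. The following audit script is an added example, not part of the original post or of WebSphere; it reports how each account's password is stored and which digest each file repository is configured to use. The function names and the `WEAK_DIGESTS` policy set are assumptions, and the embedded XML is trimmed from the two listings on this page.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"wim": "http://www.ibm.com/websphere/wim",
      "config": "http://www.ibm.com/websphere/wim/config"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
WEAK_DIGESTS = {"MD5", "SHA-1"}  # assumption: local policy, adjust as needed

# Trimmed from the fileRegistry.xml and wimconfig.xml listings on this page.
FILE_REGISTRY = """<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim"><wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier uniqueName="uid=wasadmin,o=defaultWIMFileBasedRealm"/>
<wim:password>U0hBLTE6NWtqbHV1b3hjY2FwOmtzLzVMSHFQUkpCQ1R4ZGlIak8yRDRBdUlkYz0K</wim:password>
</wim:entities></wim:Root></sdo:datagraph>"""
WIMCONFIG = """<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:config="http://www.ibm.com/websphere/wim/config" xmlns:sdo="commonj.sdo">
<config:configurationProvider>
<config:repositories xsi:type="config:FileRepositoryType" id="InternalFileRepository"
 messageDigestAlgorithm="SHA-1"/>
</config:configurationProvider></sdo:datagraph>"""

def audit_accounts(registry_xml):
    """Return one record per PersonAccount describing how its password is stored."""
    records = []
    for ent in ET.fromstring(registry_xml).iterfind(".//wim:entities", NS):
        if ent.get(XSI_TYPE) != "wim:PersonAccount":
            continue  # skip groups and other entity types
        name = ent.find("wim:identifier", NS).get("uniqueName")
        raw = base64.b64decode(ent.findtext("wim:password", "", NS)).decode("ascii").strip()
        parts = raw.split(":")
        if len(parts) != 3:  # not the algorithm:salt:digest layout; flag for manual review
            records.append({"user": name, "algorithm": None, "weak": True})
            continue
        algorithm, salt, digest_b64 = parts
        records.append({"user": name, "algorithm": algorithm, "salt_chars": len(salt),
                        "digest_bytes": len(base64.b64decode(digest_b64)),
                        "weak": algorithm.upper() in WEAK_DIGESTS})
    return records

def configured_digests(wimconfig_xml):
    """Map each file repository id to its messageDigestAlgorithm."""
    return {r.get("id"): r.get("messageDigestAlgorithm")
            for r in ET.fromstring(wimconfig_xml).iterfind(".//config:repositories", NS)
            if r.get(XSI_TYPE) == "config:FileRepositoryType"}

if __name__ == "__main__":
    print(audit_accounts(FILE_REGISTRY))
    print(configured_digests(WIMCONFIG))
```

Because the stored value is only Base64-wrapped around a salted digest, read access to fileRegistry.xml should be restricted to the account that runs the server.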




Important note: Always take a backup of wimconfig.xml before changing the federated repository. Theoretically, you should be able to restore the federated repository by using this file if something goes wrong.

Comments:

sudheer.katakam said...

Thanks for the explanation.