Now click on the Configure button next to Federated Repository. It will take you to the Federated Repositories configuration screen. On this screen you will notice that there is one repository in the "Repositories in the realm" list, which is a file-based repository. That means the users are stored in the file-based repository.
If you want you can take a look at how the configuration is actually stored.
- The file-based repository information is stored in the wp_profile/config/cells/DefaultNode/fileRegistry.xml file. This is what it looks like by default:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalId="c233f13f-663d-4292-baf0-989e2ef805a4" externalName="uid=wasadmin,o=defaultWIMFileBasedRealm"
uniqueId="c233f13f-663d-4292-baf0-989e2ef805a4" uniqueName="uid=wasadmin,o=defaultWIMFileBasedRealm"/>
<wim:parent>
<wim:identifier uniqueName="o=defaultWIMFileBasedRealm"/>
</wim:parent>
<wim:createTimestamp>2008-11-15T19:23:49.811Z</wim:createTimestamp>
<wim:modifyTimestamp>2009-04-04T10:43:02.788-07:00</wim:modifyTimestamp>
<wim:password>U0hBLTE6NWtqbHV1b3hjY2FwOmtzLzVMSHFQUkpCQ1R4ZGlIak8yRDRBdUlkYz0K</wim:password>
<wim:uid>wasadmin</wim:uid>
<wim:cn>wasadmin</wim:cn>
<wim:sn>wasadmin</wim:sn>
</wim:entities>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalId="db0469c8-487a-4610-83de-c063f4652389" externalName="cn=wpsadmins,o=defaultWIMFileBasedRealm"
uniqueId="db0469c8-487a-4610-83de-c063f4652389" uniqueName="cn=wpsadmins,o=defaultWIMFileBasedRealm"/>
<wim:parent>
<wim:identifier uniqueName="o=defaultWIMFileBasedRealm"/>
</wim:parent>
<wim:createTimestamp>2008-11-15T19:25:08.265Z</wim:createTimestamp>
<wim:cn>wpsadmins</wim:cn>
<wim:members>
<wim:identifier uniqueName="uid=wasadmin,o=defaultWIMFileBasedRealm"/>
</wim:members>
</wim:entities>
</wim:Root>
</sdo:datagraph>
My repository has only one user, uid=wasadmin,o=defaultWIMFileBasedRealm, because there is only one <wim:entities xsi:type="wim:PersonAccount"> element. There is also only one <wim:entities xsi:type="wim:Group"> element, for the cn=wpsadmins,o=defaultWIMFileBasedRealm group. If you sign up additional users, their entries will be created in this file.
The password of the user is stored in the fileRegistry using the SHA-1 algorithm, and it is a hash that is valid for 1 day only.
- The wimconfig.xml is another important file, stored in the wp_profile/config/cells/DefaultNode/wim/config directory. It holds global information about the federated repository, such as the algorithm for password encryption and which user repositories are part of the federated repository. By default it looks like this:
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:config="http://www.ibm.com/websphere/wim/config" xmlns:sdo="commonj.sdo">
<config:configurationProvider maxPagingResults="500" maxSearchResults="4500" maxTotalPagingResults="1000"
pagedCacheTimeOut="900" pagingEntityObject="true" searchTimeOut="600000">
<config:dynamicModel xsdFileName="wimdatagraph.xsd"/>
<config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="Group">
<config:rdnProperties>cn</config:rdnProperties>
</config:supportedEntityTypes>
<config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="OrgContainer">
<config:rdnProperties>o</config:rdnProperties>
<config:rdnProperties>ou</config:rdnProperties>
<config:rdnProperties>dc</config:rdnProperties>
<config:rdnProperties>cn</config:rdnProperties>
</config:supportedEntityTypes>
<config:supportedEntityTypes defaultParent="o=defaultWIMFileBasedRealm" name="PersonAccount">
<config:rdnProperties>uid</config:rdnProperties>
</config:supportedEntityTypes>
<config:repositories xsi:type="config:FileRepositoryType" adapterClassName="com.ibm.ws.wim.adapter.file.was.FileAdapter"
id="InternalFileRepository" supportPaging="false" messageDigestAlgorithm="SHA-1">
<config:baseEntries name="o=defaultWIMFileBasedRealm"/>
</config:repositories>
<config:realmConfiguration defaultRealm="defaultWIMFileBasedRealm">
<config:realms delimiter="/" name="defaultWIMFileBasedRealm" securityUse="active">
<config:participatingBaseEntries name="o=defaultWIMFileBasedRealm"/>
<config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
<config:userDisplayNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
<config:uniqueGroupIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:groupSecurityNameMapping propertyForInput="cn" propertyForOutput="cn"/>
<config:groupDisplayNameMapping propertyForInput="cn" propertyForOutput="cn"/>
</config:realms>
</config:realmConfiguration>
<config:pluginManagerConfiguration>
<config:topicSubscriberList>
<config:topicSubscriber topicSubscriberName="DefaultDAViewProcessor" topicSubscriberType="ModificationSubscriber">
<config:className>com.ibm.ws.wim.plugins.orgview.impl.DefaultDAViewProcessorImpl</config:className>
</config:topicSubscriber>
</config:topicSubscriberList>
<config:topicRegistrationList>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.create">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="createInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.delete">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="deleteInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.update">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.ProfileManager.get">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="getInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
<config:topicEmitter topicEmitterName="com.ibm.ws.wim.authz.ProfileSecurityManager">
<config:preExit>
<config:notificationSubscriberList/>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:preExit>
<config:inlineExit inlineExitName="getInViewExplicit">
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
</config:inlineExit>
<config:postExit>
<config:modificationSubscriberList>
<config:modificationSubscriber>
<config:modificationSubscriberReference>DefaultDAViewProcessor</config:modificationSubscriberReference>
<config:realmList>All</config:realmList>
</config:modificationSubscriber>
</config:modificationSubscriberList>
<config:notificationSubscriberList/>
</config:postExit>
</config:topicEmitter>
</config:topicRegistrationList>
</config:pluginManagerConfiguration>
<config:authorization
isSecurityEnabled="true" useSystemJACCProvider="false" importPolicyFromFile="true"
isAttributeGroupingEnabled="true" defaultAttributeGroup="default"
jaccPolicyClass="com.ibm.sec.authz.provider.CommonAuthzPolicy"
jaccRoleMappingClass="com.ibm.sec.authz.provider.CommonAuthzRoleMapping"
jaccPolicyConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzPolicyConfigurationFactory"
jaccRoleMappingConfigFactoryClass="com.ibm.sec.authz.provider.CommonAuthzRoleMappingConfigurationFactory"
jaccRoleToPermissionPolicyId="WIM Policy"
jaccPrincipalToRolePolicyId="WIM Policy"
jaccRoleToPermissionPolicyFileName="wim-policy.xml"
jaccPrincipalToRolePolicyFileName="wim-rolemapping.xml">
<config:attributeGroups>
<config:groupName>general</config:groupName>
<config:attributeNames>cn</config:attributeNames>
<config:attributeNames>sn</config:attributeNames>
<config:attributeNames>uid</config:attributeNames>
</config:attributeGroups>
<config:attributeGroups>
<config:groupName>sensitive</config:groupName>
<config:attributeNames>password</config:attributeNames>
</config:attributeGroups>
<config:attributeGroups>
<config:groupName>unchecked</config:groupName>
<config:attributeNames>identifier</config:attributeNames>
<config:attributeNames>createTimestamp</config:attributeNames>
<config:attributeNames>modifyTimestamp</config:attributeNames>
<config:attributeNames>entitlementInfo</config:attributeNames>
</config:attributeGroups>
</config:authorization>
</config:configurationProvider>
</sdo:datagraph>
Important Note: Always take a backup of wimconfig.xml before changing the federated repository. Theoretically, you should be able to restore the federated repository by using this file if something goes wrong.
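An added example, not part of the original post or of IBM's tooling: a small Python audit of the two files above that lists accounts and group members and reports which digest algorithm each stored password and each repository uses, without ever returning the digest itself. It assumes the `algorithm:salt:digest` layout that the sample `wim:password` value on this page Base64-decodes to; the `WEAK` set and the function names are this example's own.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"wim": "http://www.ibm.com/websphere/wim",
      "config": "http://www.ibm.com/websphere/wim/config"}
XSI = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo"'
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
WEAK = {"MD5", "SHA-1", "SHA1"}  # this example's own policy list (assumption)

# Trimmed copies of the two files shown on this page.
REGISTRY = f"""<sdo:datagraph {XSI} xmlns:wim="http://www.ibm.com/websphere/wim"><wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
 <wim:identifier uniqueName="uid=wasadmin,o=defaultWIMFileBasedRealm"/>
 <wim:password>U0hBLTE6NWtqbHV1b3hjY2FwOmtzLzVMSHFQUkpCQ1R4ZGlIak8yRDRBdUlkYz0K</wim:password>
</wim:entities>
<wim:entities xsi:type="wim:Group">
 <wim:identifier uniqueName="cn=wpsadmins,o=defaultWIMFileBasedRealm"/>
 <wim:members><wim:identifier uniqueName="uid=wasadmin,o=defaultWIMFileBasedRealm"/></wim:members>
</wim:entities></wim:Root></sdo:datagraph>"""
WIMCONFIG = f"""<sdo:datagraph {XSI} xmlns:config="http://www.ibm.com/websphere/wim/config">
<config:configurationProvider>
 <config:repositories xsi:type="config:FileRepositoryType" id="InternalFileRepository" messageDigestAlgorithm="SHA-1"/>
</config:configurationProvider></sdo:datagraph>"""

def stored_algorithm(b64_value):
    """Return only the algorithm label of a wim:password value, never the digest."""
    try:  # assumed layout: base64("algorithm:salt:digest")
        algo, _salt, _digest = base64.b64decode(b64_value).decode("ascii").strip().split(":", 2)
        return algo
    except ValueError:  # bad Base64, non-ASCII bytes, or fewer than three fields
        return "unknown"

def audit(registry_xml, wimconfig_xml):
    """Return (account -> stored algorithm, group -> members, findings)."""
    accounts, groups, findings = {}, {}, []
    for ent in ET.fromstring(registry_xml).iterfind(".//wim:entities", NS):
        name = ent.find("wim:identifier", NS).get("uniqueName")
        if ent.get(XSI_TYPE) == "wim:PersonAccount":
            accounts[name] = stored_algorithm(ent.findtext("wim:password", "", NS))
        elif ent.get(XSI_TYPE) == "wim:Group":
            groups[name] = [m.get("uniqueName") for m in ent.iterfind("wim:members/wim:identifier", NS)]
    for repo in ET.fromstring(wimconfig_xml).iterfind(".//config:repositories", NS):
        algo = repo.get("messageDigestAlgorithm")  # absent on non-file repositories
        if algo in WEAK:
            findings.append(f"{repo.get('id')}: messageDigestAlgorithm={algo}")
    findings += [f"{n}: password stored with {a}" for n, a in accounts.items() if a in WEAK]
    return accounts, groups, findings

if __name__ == "__main__":
    print(*audit(REGISTRY, WIMCONFIG), sep="\n")
```

To check a real profile, pass the contents of fileRegistry.xml and wimconfig.xml to `audit()` in place of the embedded samples.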
1 comment:
Thanks for the explanation.