What is administrative security

Administrative security represents the security configuration that is effective for the entire security domain. A security domain consists of all of the servers that are configured with the same user registry realm name. In some cases, the realm can be the machine name of a local operating system registry. In this case, all of the application servers must reside on the same physical machine. In other cases, the realm can be the machine name of a standalone Lightweight Directory Access Protocol (LDAP) registry.

A multiple node configuration is supported because you can access remotely user registries that support the LDAP protocol. Therefore, you can enable authentication from anywhere.

The basic requirement for a security domain is that the access ID that is returned by the registry or repository from one server within the security domain is the same access ID as that returned from the registry or repository on any other server within the same security domain. The access ID is the unique identification of a user and is used during authorization to determine if access is permitted to the resource. The administrative security configuration applies to every server within the security domain.

Enabling administrative security activates a wide variety of security settings for WebSphere Application Server. While the values of these settings can be specified they take effect only when administrative security is activated. These settings include authentication of users, the use of Secured Socket Layer(SSL), the choice of user account repository and application security

In WAS 6.1, the global security has been split into administrative and application security, each of which can be enabled separately. However, in order for application security to take effect administrative security must be enabled.

No comments: