Enable WebSphere global security using Local operating system

Create a Windows user for WebSphere

  1. Log in to Windows by using an administrator user account.
  2. Select Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
  3. Right-click Users and select New User.
  4. Type a user name and password in the appropriate boxes, and type any other information you require in the remaining boxes.
  5. Deselect User Must Change Password At Next Login, click Create, and then click Close.
  6. Click Users, right-click the user you just created and select Properties.
  7. Click the Member Of tab and then click Add.
  8. In the Enter The Object Names To Select box, type Administrators, click Check Names to ensure that the group name is correct.
  9. Click OK and then click OK again.
  10. Select Start > Control Panel > Administrative Tools > Local Security Policy > Local Policies.
  11. Click User Rights Assignment, and then right-click Act as Part of the Operating System and select Properties.
  12. Click Add User or Group.
  13. In the Enter The Object Names To Select box, type the name of the user you created in step 4, click Check Names to ensure that the name is correct, and then click OK.
  14. Click OK to close the Act As Part Of The Operating System Properties dialog box.

Create a Linux or UNIX user for WebSphere

  1. Log in as the root user.
  2. Create a user by entering the following command in a command prompt:
    • (Linux and Sun Solaris) useradd
    • (IBM AIX) mkuser
  3. Set the password of the new user by entering passwd in the command prompt.
  4. (Linux and Solaris) Create a shadow password file by entering pwconv (with no parameters) in the command prompt.NOTE(Linux and Solaris) For WebSphere Application Server Local OS security registry to work, a shadow password file must exist. The shadow password file is usually named /etc/shadow* and is based on the /etc/passwd file. If the shadow password file does not exist, an error occurs after enabling global security and configuring the user registry as Local OS.*
  5. Open the group file from the /etc directory in a text editor.
  6. Add the user who you created in step 2 to the root group.
  7. Save and close the file.
  8. (UNIX with SSL enabled) Start and stop WebSphere as the root user.

Enabling Global security

1) Log onto your WebSphere Application Administrative console.

2) Select Security – Global Security

3) Ensure Local operating system is selected under Available realm definitions – select configure

4) Enter your Primary Administrative user name.

5) Apply and Save your changes

6) Select Security – Global Security

7) Enable Administrative security. Uncheck Enable application security. The purpose of this document is to enable Administrative Security only.

8) Apply and Save your changes. Restart your WebSphere Application Server.

9) Once the server is restarted access your WebSphere Application Server Administrative console. This is a SSL connection, if you see SSL errors accept the exception to continue. You will be prompted for a user ID and Password

Once above steps are completed we should be able to login to websphere admin console with OS local id and password .

Configure WebSphere to use the other id’s as Deployer,monitor,operator or any other roles as per requirement

  1. Ensure that WebSphere is running.
  2. In WebSphere Administrative Console, select Security > Global Security.
  3. Under Administrative security, select Administrative user roles.
  4. Click Add and do the following:
    1. Type * in the search box and click search.
    2. select the roles under roles.
    3. Add the newly created user to Mapped to role .
  5. Click OK and save your changes.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *