Skip to content

Configuring the default basic registry

This topic provides information about the default basic registry configuration in HCL Digital Experience (DX) Compose. The basic registry is a file-based user registry that stores user credentials in the Liberty server configuration. Starting with CF234, the default basic registry configuration is externalized to Helm values. Starting with CF235, all registry settings—including enabling or disabling the basic registry, the realm name, and the administrator username and group—are fully configurable.

The following changes have been made to the basic registry configuration:

  • The default basic registry is now controlled using Helm values.

  • The test users admin1 and nonadmin have been removed from the default configuration.

    Note

    If your scripts, tests, or applications rely on these users, you must recreate them using configuration overrides.

  • The nonadmins user group has been removed from the default configuration.

Default basic registry configuration

By default, the basic registry is enabled and configured with the following settings:

security:
  webEngine:
    basicRegistry:
      enabled: true
      realm: "defaultWIMFileBasedRealm"

This configuration creates a single administrator user (wpsadmin) that belongs to the wpsadmins group, which is granted the administrator role.

Note

Starting with CF235, you can change the administrator username, disable the basic registry for LDAP-only deployments, and customize the realm name. For more information, see Configuring the administrator user and group and Updating the default administrator password.

Disabling the basic registry

You can disable the basic registry to rely exclusively on LDAP authentication. Set enabled to false, ensure that webEngineAdminGroup points to a valid LDAP group DN, and provide the LDAP administrator credentials by using customWebEngineSecret:

security:
  webEngine:
    webEngineUser: ""
    webEnginePassword: ""
    webEngineAdminGroup: "cn=admins,ou=groups,dc=example,dc=com"
    customWebEngineSecret: "CUSTOM_SECRET_NAME"
    basicRegistry:
      enabled: false

Note

When you disable the basic registry, both webEngineAdminGroup and the credentials in customWebEngineSecret must reference valid entries in your LDAP directory. WebEngine requires at least one administrator to be defined at startup. For steps to create the secret with LDAP credentials, see Configuring the administrator user and group.

Customizing the basic registry realm

You can customize the realm name for the basic registry by modifying the realm value:

security:
  webEngine:
    basicRegistry:
      enabled: true
      realm: "myCustomRealm"

The realm name is used in the basicRegistry configuration and in the federated repository participatingBaseEntry.

Add additional users to the basic registry

To add additional users or groups to the basic registry, use configuration overrides. For more information, see Configuration changes by using overrides.

For administrator identity configuration, including changing the administrator username and group, see Change the default administrator user.