Configuring security
Configuring security on the new .
About this task
You can implement an OpenID Connect (OIDC) user registry, a Lightweight Directory Access Protocol (LDAP) user registry, or a basic user registry by configuring the sample authentication templates provided in XML format. You can further customize the templates by adding additional elements to the XML files. For a full list of the elements that you can configure to complement or modify the configuration, see the related Open Liberty documentation, for example LDAP User Registry (ldapRegistry).
Configuring an LDAP user registry
About this task
- OpenLDAP: auth_OpenLDAP_config.xml
- IBM® Directory Server: auth_IDS_config.xml
- Windows Server Active Directory: auth_AD_config.xml
To configure a common authentication provider for both the HCL Workload Automation and the Dynamic Workload Console, complete the following steps:
Procedure
-
Assign a role to your authentication provider user or group.
- Log in to the Dynamic Workload Console as administrator and access the Manage Roles page.
- Add a new Entity of type Group to the role you want to assign to your authentication provider user or group and click Save.
-
Update the authentication configuration template file with the details
about your authentication provider server.
-
Copy the template file to a working directory. The templates are
located in the following path:
- Dynamic Workload Console
-
DWC_DATA_dir/usr/servers/dwcServer/configDropins/templates/authentication - master domain manager
-
TWA_DATA_DIR/usr/servers/engineServer/configDropins/templates/authentication
- Dynamic Workload Console
-
DWC_home\usr\servers\dwcServer\configDropins\templates\authentication - master domain manager
-
TWA_home\usr\servers\engineServer\configDropins\templates\authentication
-
The overrides directory is located in the
following path:
- Dynamic Workload Console
-
DWC_DATA_dir/usr/servers/dwcServer/configDropins/overrides - master domain manager
-
TWA_DATA_DIR/usr/servers/engineServer/configDropins/overrides
- Dynamic Workload Console
-
DWC_home\usr\servers\dwcServer\configDropins\overrides - master domain manager
-
TWA_home\usr\servers\engineServer\configDropins\overrides
For more information about configuring an LDAP registry, see the Open Liberty documentation, for example: Configure an LDAP user registry and Federated user registries.
-
Copy the template file to a working directory. The templates are
located in the following path:
Configuring a basic user registry
About this task
You might want to use a basic user registry by defining the users and groups information for authentication on Open Liberty, even though this type of authentication is not recommended. This type of authentication cannot be used for production, but only for test purposes.
To configure basic user registry, complete the following steps:
Procedure
- Copy the auth_basicRegistry_config.xml template from the templates folder to a working folder.
-
Edit the template file in the working folder with the desired configuration by adding users and
groups as necessary.
To add a user, add an entry similar to the following in the basicRegistry section:
<user name="nonadminuser" password="{xor}Ozo5PiozKw=="/>To add a group, add an entry similar to the following in the basicRegistry section:<group name="TWSUsers"> <member name="nonadminuser"/> </group> -
Store the password in xor, aes, or hash formats using the
Open Liberty
securityUtility command, as described in securityUtility command.
This utility requires the JAVA_HOME environment variable to be set. If you do not have Java installed, you can optionally use the Java version provided with the product and available in:
- HCL Workload Automation
- <INST_DIR>/TWS/JavaExt/jre/jre
- Dynamic Workload Console
- <DWC_INST_DIR>/java/jre/bin
- Create a backup copy of the configuration file in the overrides folder, if already present.
- Copy the updated template file to the overrides folder. Maintaining the original folder structure is not required.