Configure Administration Security

About this task

By default, the user registry is the WebSphere Application Server file-based user registry.

Procedure

  1. Navigate to Security > Global security;
  2. Set the Available realm definitions to be Federated repositories and click the Configure button;
  3. Set the Primary administrative username to be websphere;
  4. Select the Automatically generated server identity radio button;
  5. Select Ignore case for authorization and click OK;
  6. Enter the password for the default administrative user, e.g. websphere, enter the confirmation and click OK to confirm the changes;
  7. Set the Available realm definitions to be Federated repositories and click the Set as current button;
  8. Select Enable administrative security;
  9. Select Enable application security;
  10. Select Use Java 2 security to restrict application access to local resources and Warn if applications are granted custom permissions;
  11. Click the Apply button to confirm the changes;
  12. Navigate to Security > Global security;
  13. Select the Custom properties link;
  14. Click New and set the name and value as follows:

    Name: com.ibm.ws.security.web.logoutOnHTTPSessionExpire

    Value: true

  15. Click OK to add the new property.
  16. Navigate to Security > Global security;
  17. Select Web and SIP Security > Single sign-on (SSO);
  18. Check the Requires SSL check box;
  19. Click OK to confirm the change.
  20. Navigate to Security > Global security;
  21. Select Custom properties;
  22. Add com.ibm.ws.security.addHttpOnlyAttributeToCookies with value true;
  23. Click OK to confirm the change.
  24. Save the changes to the master configuration.
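
After saving, the result of the procedure can be checked offline against the cell's security.xml. The script below is an added example, not part of the original procedure or of the product. It assumes that the console settings are stored as the root attributes enabled, appEnabled, enforceJava2Security and issuePermissionWarning, that Requires SSL is stored as requiresSSL on the singleSignon element, and that global custom properties are properties elements directly under the root. The sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element and attribute names are
# assumptions about security.xml; confirm them against your own file.
SAMPLE = """<security:Security xmlns:security="urn:constructed-sample"
    enabled="true" appEnabled="true" enforceJava2Security="true"
    issuePermissionWarning="true">
  <authMechanisms>
    <singleSignon requiresSSL="false" enabled="true"/>
  </authMechanisms>
  <properties name="com.ibm.ws.security.web.logoutOnHTTPSessionExpire" value="true"/>
</security:Security>"""

# Root attribute -> console setting and procedure step it corresponds to.
ROOT_FLAGS = {
    "enabled": "Enable administrative security (step 8)",
    "appEnabled": "Enable application security (step 9)",
    "enforceJava2Security": "Use Java 2 security (step 10)",
    "issuePermissionWarning": "Warn on custom permissions (step 10)",
}
REQUIRED_PROPS = {
    "com.ibm.ws.security.web.logoutOnHTTPSessionExpire": "step 14",
    "com.ibm.ws.security.addHttpOnlyAttributeToCookies": "step 22",
}

def is_true(value):
    return (value or "").strip().lower() == "true"

def local(tag):
    """Strip any XML namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return one finding per setting from the procedure that is not applied."""
    root = ET.fromstring(xml_text)
    findings = [f"{attr} is not true: {label}"
                for attr, label in ROOT_FLAGS.items() if not is_true(root.get(attr))]
    sso = [e for e in root.iter() if local(e.tag) == "singleSignon"]
    if not sso or not all(is_true(e.get("requiresSSL")) for e in sso):
        findings.append("singleSignon requiresSSL is not true: Requires SSL (step 18)")
    # Global custom properties are read as direct children of the root element.
    props = {e.get("name"): e.get("value") for e in root if local(e.tag) == "properties"}
    findings += [f"custom property {name} is not true ({step})"
                 for name, step in REQUIRED_PROPS.items() if not is_true(props.get(name))]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```

On the constructed sample the audit reports two gaps: SSO cookies not restricted to SSL, and the HttpOnly cookie property missing.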