Can Jazz be used with WAS Liberty configured with a federated user registry?


honglin (173) | asked Dec 08 '21, 4:58 a.m.
edited Dec 10 '21, 12:37 a.m. by Geoffrey Clemm (30.1k33035)

I have seen some content on the WAS Liberty doc page: https://www.ibm.com/docs/zh/was-liberty/base?topic=authentication-federation-user-registries. It seems that WAS Liberty supports a federated user registry.

But I also found that on the Jazz interactive installation guide page, after we set the application server to "Bundled IBM WebSphere Liberty profile", the next user registry type option, "Federated file-based realm", is dimmed and cannot be selected.

Select your application server:

  • Bundled IBM WebSphere® Liberty profile
  • IBM WebSphere® Application Server (Integrated Solutions Console)
  • IBM WebSphere Application Server (Jython scripts)

Select your user registry type:

  • WebSphere Liberty basic registry
  • LDAP or LDAP/SDBM
  • SCIM
  • Federated file-based realm (disabled)
  • IBM i non-LDAP external registry (disabled)

So can WAS Liberty really be configured using a federated user registry, such as LDAP + basic?

Accepted answer


Ralph Schoon (63.5k33646) | answered Dec 08 '21, 5:16 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Dec 08 '21, 5:17 a.m.

 I googled federated liberty site:jazz.net and found this: https://jazz.net/wiki/bin/view/Deployment/LibertyMultipleUserRegistries


Comments
honglin commented Dec 08 '21, 5:32 a.m.

Thanks, I will try this tomorrow.


honglin commented Dec 08 '21, 5:39 a.m.

And I still have a concern about the options on the Jazz interactive installation guide page:

since it can be configured using a federated user registry, why is the option "Federated file-based realm" dimmed?


Ralph Schoon commented Dec 08 '21, 8:53 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

The interactive installation guide can only cover so many situations. More advanced options require user intervention. 


honglin commented Dec 09 '21, 12:51 a.m.

Understood, but it did confuse me, and I wasted a lot of effort on it, referring to the guide content on the WAS Liberty doc page.

I recommend putting a hyperlink on the option when the end user is choosing the interactive options.


honglin commented Dec 09 '21, 3:59 a.m.

I tried following the instructions page you gave. It did indeed work.

But a new question has come up:

After enabling the federated mode (basic + LDAP) for Jazz, it seems that a basic user cannot modify their password from the "View My Profile and Licenses" menu. Is that supposed to be so?


Ian Barnard commented Dec 09 '21, 4:39 a.m. | edited Dec 09 '21, 4:39 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Yes that's supposed to be so - LDAP is the master/source of their authentication - they'll have to change their password using whatever method their organization uses to change the password in LDAP.


honglin commented Dec 09 '21, 9:17 p.m.

Then we can only modify a user's password in the Basic Repository by manually modifying basicUserRegistry.xml?

One other answer



honglin (173) | answered Dec 09 '21, 6:27 a.m.

And one more question: after the federated configuration works, how do I modify user information, such as adding a new user?

Modify basicUserRegistry.xml directly?


Comments
honglin commented Dec 09 '21, 6:38 a.m.

The "Create User" button cannot be clicked.


Ralph Schoon commented Dec 09 '21, 7:07 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I do not know. I do not run such a configuration. I know that a customer runs such a configuration where the users that they do not want to change often are in the file basicUserRegistry.xml and the rest are in LDAP. The create button being disabled means the system thinks you primarily run on LDAP.

These questions are all application server questions and you will likely have to search there for advanced configuration options.


honglin commented Dec 09 '21, 9:19 p.m.

OK, thanks very much. I just want to clarify these things, because we are evaluating these for a deployment solution.

Actually, the knowledge on the IBM site is very rich and helpful, but difficult to find. There is so much redundant info in it.
