Can Jazz be used with WAS Liberty configured with a federated user registry?
I have seen some content on the WAS Liberty doc page: https://www.ibm.com/docs/zh/was-liberty/base?topic=authentication-federation-user-registries, and it seems that WAS Liberty supports a federated user registry.
Select your application server:
- Bundled IBM WebSphere® Liberty profile
- IBM WebSphere® Application Server (Integrated Solutions Console)
- IBM WebSphere Application Server (Jython scripts)
Select your user registry type:
- WebSphere Liberty basic registry
- LDAP or LDAP/SDBM
- SCIM
- Federated file-based realm (disabled)
- IBM i non-LDAP external registry (disabled)
So can WAS Liberty really be configured with a federated user registry, such as LDAP + basic?
Accepted answer
I googled federated liberty site:jazz.net and found this: https://jazz.net/wiki/bin/view/Deployment/LibertyMultipleUserRegistries
Comments
Thanks, I will try this tomorrow.
And I still have a concern about the options on the Jazz interactive installation guide page,
The interactive installation guide can only cover so many situations. More advanced options require user intervention.
Understood, but it did confuse me, and I wasted a lot of effort on it referring to the guide content on the WAS Liberty doc page.
I tried following the instructions page you gave. It indeed worked.
After enabling the federated mode (basic + LDAP) for Jazz, it seems that basic users cannot modify their password from the "View My Profile and Licenses" menu, so is that supposed to be so?
Yes that's supposed to be so - LDAP is the master/source of their authentication - they'll have to change their password using whatever method their organization uses to change the password in LDAP.
Then we can only modify a user's password in the basic repository by manually modifying basicUserRegistry.xml?
One other answer
And one more question: after the federated configuration works, how do I modify user info, such as adding a new user?
Comments
The "Create User" button cannot be clicked.
I do not know. I do not run such a configuration. I know that a customer runs such a configuration where the users that they do not want to change often are in the file basicUserRegistry.xml and the rest is in LDAP. The create button disabled means the system thinks you primarily run on LDAP.
OK, thanks very much. I just want to clarify these things, because we are evaluating these for a deployment solution.
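
An added example, not part of the thread and not Jazz's shipped configuration: a generic Liberty `server.xml` sketch of the basic + LDAP federation discussed above, with the basic-registry password stored hashed rather than in clear text. The realm names, host, DNs, user name and password placeholders are assumptions; the Jazz wiki page linked in the accepted answer remains the reference for the actual Jazz files.

```xml
<server description="federated basic + LDAP registry (illustrative sketch)">

  <featureManager>
    <feature>appSecurity-2.0</feature>
    <feature>ssl-1.0</feature>
    <feature>ldapRegistry-3.0</feature>
    <feature>federatedRegistry-1.0</feature>
  </featureManager>

  <!-- File-based users that rarely change (e.g. a local admin).
       Generate the value with: securityUtility encode --encoding=hash
       and paste the resulting {hash}... string; never store clear text. -->
  <basicRegistry id="basic" realm="BasicRealm">
    <user name="localadmin" password="{hash}REPLACE_WITH_SECURITYUTILITY_OUTPUT"/>
  </basicRegistry>

  <!-- Everyone else authenticates against LDAP. LDAPS on 636 requires the
       directory's certificate in the server trust store. The bind password
       is encoded with: securityUtility encode --encoding=aes -->
  <ldapRegistry id="ldap" realm="LdapRealm"
                host="ldap.example.com" port="636" sslEnabled="true"
                ldapType="IBM Tivoli Directory Server"
                baseDN="dc=example,dc=com"
                bindDN="cn=jazzbind,dc=example,dc=com"
                bindPassword="{aes}REPLACE_WITH_SECURITYUTILITY_OUTPUT"/>

  <!-- Both registries are presented to applications as a single realm.
       A federated basic registry is addressed as o=<its realm name>;
       the LDAP registry is addressed by its baseDN. -->
  <federatedRepository>
    <primaryRealm name="FederatedRealm">
      <participatingBaseEntry name="o=BasicRealm"/>
      <participatingBaseEntry name="dc=example,dc=com"/>
    </primaryRealm>
  </federatedRepository>

</server>
```

Basic-registry entries are file-based, so changing such a user's password means replacing its `password` value with a newly generated hash. Keep the file readable only by the account that runs the server.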