Configuring user registries
The user registry stores information that is used to authenticate users using basic authentication. You must configure WebSphere® Application Server to use the user registry in your environment. Your choice of user registry is also an essential consideration when planning your monitoring environment.
- Federated Repositories
- Local operating system
- Standalone LDAP registry
- Standalone custom registry
You can configure multiple user registry types under federated repositories. For most production deployments, a Lightweight Directory Access Protocol (LDAP) server is typically used. For small deployments that are contained on a single server, you can use a file-based user registry. If you prefer to use a custom user registry, use the Related Concepts links provided below to understand how to implement it and to discover any potential restrictions.
- Sharing LTPA keys
You must configure lightweight third party authentication (LTPA) to forward credentials to and support single sign on with servers in other cells in your environment. LTPA keys must be shared among all cells in your environment. LTPA key exchange is required to enable single sign on when the IBM Business Monitor server is in a separate cell from the dashboard server. An example of this environment is when a web page is requested from one server and data is requested from another server. LTPA key exchange is also necessary when the IBM Business Monitor server is in a separate cell from the emitting common event infrastructure (CEI) cell. - Enabling single sign-on
Enable single sign-on (SSO) and indicate the domain. SSO simplifies user ID management from a user and IT support standpoint. - Configuring federated repositories
Federated repositories provide user registry functions and allow you to enable security. You can use federated repositories in your WebSphere Application Server or WebSphere Portal environment to access several user registries, including LDAP and custom adapters. - Configuring server identity
When using a federated repository, if the IBM Business Monitor server is configured to receive events from a remote common event infrastructure (CEI) server, and the remote CEI server is a network deployment server, then you must specify a server identity to enable communication between the local server and the remote server. - Using LDAP on a stand-alone server
If you want a stand-alone server to use stand-alone LDAP as the security repository, you must change from federated repositories after the stand-alone profile is created. By default, the Profile Management Tool creates federated repositories when security is enabled during profile creation.
Configuring standalone custom registry
The standalone custom registry realm definition provides a mechanism to integrate a user registry into IBM Business Monitor.