Configuring a basic user registry for IBM® Process Federation Server

Last updated on 2025-01-20 10:38
If the business process management systems in a federated environment use file-based user registries, you can configure a file-based basic user registry on Process Federation Server for user authentication.

About this task

Restriction: File-based user registries are suitable only for development and test environments. For production systems, use either an LDAP registry or a custom user registry.
For single sign-on, the user must be common to Process Federation Server and the federated systems. Typically, a common user requires that a common user registry is configured on each system, for example, LDAP registry or custom user registry. However, in development and test environments, file-based users can act like common users across the environments if the following conditions are true:
  • The user registry realm name is the same in Process Federation Server and the federated systems.
  • The user name in the Process Federation Server basic registry is a fully qualified name that has the following format:
    uid=%user security name%, %base dn%
    For example, uid=admin,o=defaultWIMFileBasedRealm.

Procedure

Define the users and groups for the basic user registry in the server.xml file.
Open the server.xml configuration file for editing. By default, the configuration file is in the pfs_install_root/usr/servers/server_name directory on Process Federation Server.
For example, if the file-based user registries on the federated systems are configured with the default defaultWIMFileBasedRealm realm name, user names in the corresponding Process Federation Server file-based basic registry have the following configuration:
<basicRegistry realm="defaultWIMFileBasedRealm">
   <user name="uid=admin,o=defaultWIMFileBasedRealm" password="admin" />
   <user name="uid=johndoe,o=defaultWIMFileBasedRealm" password="password" />
</basicRegistry>
Notes:
  • Use unique names for each user and group.
  • Remove all trailing and leading spaces from the user and group names.
  • If user IDs or passwords contain characters other than US-ASCII characters, save the file by using UTF-8 character encoding.
  • If you edit the server.xml file directly, you can use the securityUtility encode command to encode the password for each user. The securityUtility encode command-line tool is available in the pfs_install_root/bin directory. For more information, see Liberty profile: securityUtility command.
  • Log in to the federated system with the short user name, for example admin or johndoe.
  • Log in to Process Federation Server with the fully qualified user name, for example, uid=admin,o=defaultWIMFileBasedRealm.
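
The realm, naming and password notes above can be checked mechanically before a server.xml file is deployed. The following Python script is an added example, not IBM code: the function name audit_basic_registry and the sample registry are constructed for illustration, and it assumes that encoded passwords carry the {xor}, {aes} or {hash} prefix written by securityUtility encode.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's registry plus entries that break its notes.
SAMPLE = """<server>
  <basicRegistry realm="defaultWIMFileBasedRealm">
    <user name="uid=admin,o=defaultWIMFileBasedRealm" password="admin" />
    <user name="uid=johndoe,o=defaultWIMFileBasedRealm" password="{hash}CONSTRUCTED" />
    <user name=" uid=jane,o=defaultWIMFileBasedRealm" password="{xor}CONSTRUCTED" />
    <user name="uid=admin,o=defaultWIMFileBasedRealm" password="{aes}CONSTRUCTED" />
    <user name="bob" password="{hash}CONSTRUCTED" />
  </basicRegistry>
</server>"""

# Assumption: securityUtility encode output starts with one of these prefixes.
ENCODED = re.compile(r"\{(xor|aes|hash)\}.+")
# Page format: uid=%user security name%, %base dn%
QUALIFIED = re.compile(r"uid=[^,=]+,\s*[^=\s]+=.+")

def audit_basic_registry(xml_text, expected_realm):
    """Return (name, problem) findings; name is None for registry-level ones."""
    findings = []
    for reg in ET.fromstring(xml_text).iter("basicRegistry"):
        realm = reg.get("realm", "")
        if realm != expected_realm:
            findings.append((None, f"realm {realm!r} is not {expected_realm!r}"))
        seen = set()
        for entry in reg:
            if entry.tag not in ("user", "group"):
                continue
            name = entry.get("name", "")
            if name != name.strip():
                findings.append((name, "leading or trailing space in name"))
            if name in seen:
                findings.append((name, "duplicate name"))
            seen.add(name)
            if entry.tag == "user":
                if not QUALIFIED.fullmatch(name.strip()):
                    findings.append((name, "not a fully qualified uid=...,<base dn> name"))
                if not ENCODED.fullmatch(entry.get("password", "")):
                    findings.append((name, "password stored in plain text"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_basic_registry(SAMPLE, "defaultWIMFileBasedRealm"):
        print(f"{name or '<registry>'}: {problem}")
```

Pass the realm name that is configured on the federated systems as expected_realm; a mismatch is reported as a registry-level finding because it prevents file-based users from acting as common users.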