Connecting a user registry

To provide single sign-on capabilities for one or more IBM® Business Automation Workflow systems, the User Management Service must have access to user and group information for authenticating and asserting users to connected systems.
You must configure the User Management Service to use the same user repository as your IBM Business Automation Workflow systems; typically, this means connecting it to the same LDAP server. Because the server template cannot make any assumptions about your user repository, by default a basicRegistry with a single administrative user account of your choice is created. Use this basicRegistry for system accounts only, for example, an administrator account. It is not suitable for user accounts for the following reasons:
  • The users are local to the User Management Service and are therefore unknown in a connected IBM Business Automation Workflow system.
  • basicRegistry supports only two attributes for users: username and password. However, there are situations in which a connected system might need to retrieve the user’s full name.
  • basicRegistry does not support nesting of groups.
For details about authenticating users in IBM WebSphere® Application Server Liberty, see Configuring a user registry in Liberty.
Create an XML file of any name in wlp/usr/servers/serverName/configDropins/overrides and add the configuration information about the user registry. You can easily copy and share this configuration later when you create server clones for load-balancing and high-availability.
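The following dropin file is an added example of such a user registry configuration for a Liberty server; it is not an IBM-provided sample. It assumes a hypothetical directory at ldap.example.com reached over LDAPS, the placeholder base and bind DNs shown, a trust store that you have already imported the LDAP server certificate into, and bind and trust-store passwords that you have encoded with the Liberty securityUtility tool (the {xor}PLACEHOLDER values must be replaced). The file name ldap-registry.xml is arbitrary, as the step above notes.

```xml
<!-- wlp/usr/servers/serverName/configDropins/overrides/ldap-registry.xml
     Added example (not IBM's own configuration). Host, DNs, filters,
     trust-store path and the encoded passwords are placeholders. -->
<server description="User Management Service: shared LDAP user registry">

    <featureManager>
        <!-- ldapRegistry-3.0 provides the ldapRegistry element;
             ssl-1.0 provides the ssl/keyStore elements used for LDAPS. -->
        <feature>ldapRegistry-3.0</feature>
        <feature>ssl-1.0</feature>
    </featureManager>

    <!-- Point UMS at the same directory that the connected Business
         Automation Workflow systems use, so asserted user names resolve
         to the same identities on both sides. -->
    <ldapRegistry id="umsLdap"
                  realm="SharedLdapRealm"
                  host="ldap.example.com"
                  port="636"
                  sslEnabled="true"
                  sslRef="ldapSSLConfig"
                  ldapType="IBM Tivoli Directory Server"
                  baseDN="dc=example,dc=com"
                  bindDN="cn=ums-bind,ou=service,dc=example,dc=com"
                  bindPassword="{xor}PLACEHOLDER"
                  ignoreCase="true"
                  recursiveSearch="true">
        <!-- Filters for an IBM Tivoli Directory Server schema; use
             activedFilters (or the matching element for your ldapType)
             for other directories. -->
        <idsFilters userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
                    groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
                    userIdMap="*:uid"
                    groupIdMap="*:cn"
                    groupMemberIdMap="groupOfNames:member;groupOfUniqueNames:uniqueMember"/>
    </ldapRegistry>

    <!-- Trust store holding the LDAP server's CA certificate, so the
         bind credentials are never sent over a cleartext connection. -->
    <ssl id="ldapSSLConfig" keyStoreRef="ldapTrustStore"/>
    <keyStore id="ldapTrustStore"
              location="${server.config.dir}/resources/security/ldap-trust.p12"
              type="PKCS12"
              password="{xor}PLACEHOLDER"/>
</server>
```

recursiveSearch="true" is what gives you the nested-group support that basicRegistry lacks; leave it off only if your directory is flat, because each level of nesting adds lookups. Produce the encoded password values with wlp/bin/securityUtility encode rather than storing them in cleartext, and keep the bind account limited to read access on the user and group subtrees. Because this file lives under configDropins/overrides, it is picked up without editing server.xml and can be copied unchanged to each server clone.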
Optional: You can customize or further delegate authentication by configuring Liberty to use SAML, SPNEGO, or other authentication schemes. For more information, see Authenticating users in Liberty.

Next, perform Creating User Management Service server clones.