Mapping management roles for Liberty
You can use quickStartSecurity
element or any supported user registries
for administrative role mapping on Liberty.
For the latest documentation about Liberty role mapping, see the Open Liberty website.
About this task
All the JMX methods and MBeans accessed through the REST connector are currently protected by a
single role named administrator
. To get started quickly, use
quickStartSecurity
element to configure a single user with the
administrator
role and configure the default SSL configuration.
You can also use any supported user registry. You cannot use the
quickStartSecurity
element if you have already configured another user registry. In
this case, map users or roles from the registry to the administrator
role.
If user authentication in Liberty is
performed with single sign-on (SSO) technologies (for example SAML, OpenID Connect, or JWT), and
there is no user registry that is configured, or the user is not in the configured user registry,
you can still map the administrator
role to a trusted user or group that is
authenticated by an SSO server.
The reader role restricts access to JMX methods that are considered read-only.