Managing users on Jazz Authorization Server

Edit online

Jazz Authorization Server is based on the IBM® WebSphere Liberty server. Because Jazz Authorization Server authenticates users, it must be configured with a user registry.

Important: Choosing to use the IBM Jazz Authorization Server for single sign-on is a one-time decision that needs to be made when you install Engineering Lifecycle Management. Once you start using IBM Jazz Authorization Server for your application, you cannot revert to a different authentication mechanism. It is also applicable when you upgrade your applications.

WebSphere Liberty server

WebSphere Liberty server has capabilities similar to the full WebSphere® Application Server; it can be configured to use a Lightweight Directory Access Protocol (LDAP) registry, or users can be defined in local files. For information about configuring authentication in WebSphere Liberty server, see Configuring a user registry for Liberty.

You can start WebSphere Liberty server as a service. See JAS Script Options in the Running ELM applications as Windows services section for more information.

JazzAuthServer directory

Installation of Jazz Authorization Server creates a directory that is named JazzAuthServer in the installation location. The JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults directory includes sample files for both a basic, file-based user registry and an LDAP user registry.
  • The localUserRegistry.xml template file defines only the ADMIN and clmadmin users, with passwords the same as the user IDs.
  • The ldapUserRegistry.xml file is a template for an LDAP registry configuration.
To customize the files in the defaults directory, copy them up one level to the JazzAuthServer_install_dir/wlp/usr/servers/jazzop directory. An easy way to copy the files is to start and then stop the Jazz Authorization Server by running the following commands from the root of JazzAuthServer_install_dir:
  1. start-jazz.bat
  2. stop-jazz.bat
Then, modify the files in the jazzop directory.

Depending on which method you want to use, choose one of the following user management options.