Application Server Security
Overview
If global security is enabled for the WebSphere cell, you can override the global security settings for the cell on a per application server basis.
Variable | Description | Valid Values | Default Value |
asSecurityEnabled | Override cell security settings | true, false | false |
asSecurityAppEnabled | Set security on or off | true, false | false |
asSecurityActiveProtocol | Security protocol | CSI, SAS, BOTH | BOTH |
asSecurityCacheTimeout | Time between forced cache reloads of data (sec) | Integer | 60000 |
asSecurityEnforceJava2Security | Use Java 2 security | true, false | false |
asSecurityIssuePermissionWarning | | true, false | false |
asSecurityUseDomainQualifiedUserNames | | true, false | false |
Default Settings
The default settings in profile_defaults.py are as follows:
# Application Server - Security settings
asSecurityEnabled = "false"
asSecurityActiveProtocol = "BOTH"
asSecurityCacheTimeout = "600000"
asSecurityEnforceJava2Security = "false"
asSecurityIssuePermissionWarning = "false"
asSecurityUseDomainQualifiedUserNames = "false"
asSecurityAppEnabled = "false"
Enabling security
In order to enable security for your application server or cluster, set the following:
asSecurityEnabled = "true"
asSecurityAppEnabled = "true"
Where:
asSecurityEnabled - overrides the security for the cell
asSecurityAppEnabled - sets the security for this AppServer to "on"
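A pre-deployment check for these settings, as an added example that is not part of the original page or of the project's own scripts. It assumes the profile file contains plain top-level assignments that parse as Python 3; the names SETTINGS, read_settings, check_profile and SAMPLE are hypothetical, and the reading of the two enable flags follows the table descriptions above.

```python
import ast

BOOL = ("true", "false")
# name: (valid values, default). Valid values come from the table on this page,
# defaults from the profile_defaults.py listing on this page.
SETTINGS = {
    "asSecurityEnabled": (BOOL, "false"),
    "asSecurityAppEnabled": (BOOL, "false"),
    "asSecurityActiveProtocol": (("CSI", "SAS", "BOTH"), "BOTH"),
    "asSecurityCacheTimeout": (int, "600000"),
    "asSecurityEnforceJava2Security": (BOOL, "false"),
    "asSecurityIssuePermissionWarning": (BOOL, "false"),
    "asSecurityUseDomainQualifiedUserNames": (BOOL, "false"),
}

def read_settings(source):
    """Collect top-level NAME = literal assignments without executing the file."""
    found = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                found[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value: cannot be checked statically
    return found

def check_profile(source):
    """Return (effective settings, findings) for one profile file."""
    given = {k: v for k, v in read_settings(source).items() if k in SETTINGS}
    effective = {name: default for name, (_, default) in SETTINGS.items()}
    effective.update(given)
    findings = []
    for name, value in sorted(given.items()):
        valid = SETTINGS[name][0]
        ok = str(value).isdigit() if valid is int else value in valid
        if not ok:
            findings.append("%s: %r is not a valid value" % (name, value))
    override, app = effective["asSecurityEnabled"], effective["asSecurityAppEnabled"]
    if override == "true" and app == "false":
        findings.append("cell settings are overridden but security is off for this server")
    if override == "false" and app == "true":
        findings.append("asSecurityAppEnabled is set but asSecurityEnabled is not")
    return effective, findings

# Constructed sample profile (not from the page).
SAMPLE = 'asSecurityEnabled = "true"\nasSecurityActiveProtocol = "CSIv2"\n'

if __name__ == "__main__":
    for finding in check_profile(SAMPLE)[1]:
        print(finding)
```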
Extended Security settings
Extended security for CSIv2
The following parameters, which are defaulted in profile_defaults.py, may be overridden in your Jython file:
asExtendedSecurityEnable = "false"
asClaimsIdentityAssertionLayerSQOP_attrs = [["enable", "false"]]
asClaimsMessageLayerRQOP_attrs = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]
asClaimsMessageLayerSQOP_attrs = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]
asClaimsTransportLayerRQOP_attrs = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]
asClaimsTransportLayerSQOP_attrs = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]
asPerformsIdentityAssertionLayerSQOP_attrs = [["enable", "false"]]
asPerformsMessageLayerRQOP_attrs = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]
asPerformsMessageLayerSQOP_attrs = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]
asPerformsTransportLayerRQOP_attrs = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]
asPerformsTransportLayerSQOP_attrs = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]
Enabling extended security
Set the following in your Jython file.
asExtendedSecurityEnable = "true"
If you want to set all properties to TCP/IP only and set Authentication to 'never', then that's all you need to do.