Application Server Security


If global security is enabled for the WebSphere cell, you can override the global security settings for the cell on a per application server basis.

Variable Description Valid Values Default Value
asSecurityEnabled Override cell security settings true, false false
asSecurityAppEnabled Set security on or off true, false false
asSecurityActiveProtocol Security protocol. CSI,SAS,BOTH BOTH
asSecurityCacheTimeout Time between forced cache reloads of data (sec) Integer 60000
asSecurityEnforceJava2Security Use Java 2 security true, false false
asSecurityIssuePermissionWarning true, false false
asSecurityUseDomainQualifiedUserNames true, false false

Default Settings

The default settings in are as follows:

# Application Server - Security settings
asSecurityEnabled = "false"
asSecurityActiveProtocol = "BOTH"
asSecurityCacheTimeout = "600000"
asSecurityEnforceJava2Security = "false"
asSecurityIssuePermissionWarning = "false"
asSecurityUseDomainQualifiedUserNames = "false"
asSecurityAppEnabled = "false"

Enabling security

In order to enable security for your application server or cluster, set the following:

asSecurityEnabled = "true"
asSecurityAppEnabled = "true"


asSecurityEnabled - overrides the security for the cell

asSecurityAppEnabled - sets the security for this AppServer to �on�

Extended Security settings

Extended security for CSIv2

The following parameter, defaulted in the may be overridden in your jython file:

asExtendedSecurityEnable = "false"

asClaimsIdentityAssertionLayerSQOP_attrs        = [["enable", "false"]]

asClaimsMessageLayerRQOP_attrs                  = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]
asClaimsMessageLayerSQOP_attrs                  = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]

asClaimsTransportLayerRQOP_attrs                = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]
asClaimsTransportLayerSQOP_attrs                = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]   

asPerformsIdentityAssertionLayerSQOP_attrs      = [["enable", "false"]]

asPerformsMessageLayerRQOP_attrs                = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]
asPerformsMessageLayerSQOP_attrs                = [['enableOutOfSequenceDetection', 'false'], ['enableReplayDetection', 'false'], ['establishTrustInClient', 'false']]

asPerformsTransportLayerRQOP_attrs              = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]
asPerformsTransportLayerSQOP_attrs              = [["confidentiality", "false"], ["enableProtection", "false"], ["establishTrustInClient", "false"], ["integrity", "true"]]

Enabling extended security

Set the following in your Jython file.

asExtendedSecurityEnable = "true"

If you want to set all properties to TCP/IP only and set Authentication to 'never' then that�s all you need to do.