Configuration Instructions

  1. Login to WAS8 administration console. Goto Applications > Application Types > WebSphere enterprise applications
  2. Select the checkbox next to ifsapp, fndweb and docvue (if available) and click Stop. This will stop the selected applicaions.
  3. Goto Security > Global security. Under User account repository \ Available realm definitions select Federated repositories and click Configure.
  4. Under Repositories in the realm click Add Base entry to Realm. Expand Add repostiry and select LDAP repository.
  5. Set values as shown. Click OK and  Save.
    LDAP Resitory
  6. In the current panel you are in, give the Distinglished name of the realm.  For example something like “DC=devsys,DC=local”. Click OK and Save.
    LDAP Resitory
  7. Back in Federated repositories panel you will see the configured LDAP repository. Set values as shown. Click OK and Save.
  8. Back in the Global security panel, make sure Federated repository is selected as the current realm. Then click Set as current to make the setting permanent.
  9. Then check Enable administrative security and Enable application security. Click Apply and Save.
  10. Stop the application server. If the server would not stop properly, try to give the username and password for the admin from the command prompt to stop the server.
    E.g.:  <profile home>\stopServer.bat -username <username> -password <password>
  11. [Optional] Enhanced security for server scripts.
  12. Start application server and login to administrative console using the AD admin user credentials. (Perform steps 1 & 2 if requred)
  13. Goto Security > Global security, then expand Web and SIP security and select SPNEGO Web authentication.
  14. On the SPNEGO Filters list click New. In the General Properties panel complete the following details.
    SPNEGO
  15. Click Apply and you return to the SPNEGO Web authentication panel.
  16. Click Enable SPNEGO and select the locations for Kerberos configuration and keytab files. Click Apply and Save.
    SPNEGO
  17. Goto Security > Global security. Under Authentication click on the link Kerberos configuration, set values as followed, click OK and Save.
  18. Perform Step 3. Click on the Repository Identifier name. Save the setting again as it is and notice the change in the Login properties field under Security.
  19. Goto Security > Bus security. Select ifsbus and then select Security under Additional Properties. In the Security for bus ifsbus panel, under Related Items, goto JAAS - J2C authentication data.
  20. Click on jmsuser alias and change/set the password for user IFSWEBSPHEREMSGUSER to the LDAP password for this user. Click OK and Save changes.
  21. Goto Security > Security domains and click on IFSREALM. Change setting under User Realm as shown below.
  22. Click OK and Save changes.