Audit event factory configuration collection The Audit event factory configuration panel displays a list of
all currently configured audit event factory implementations. This panel allows
a user with the auditor role to manage their configured audit event factories.
This includes the ability to configure a new implementation, which is done
using the New button on this panel.
Audit event factory settings The Audit event
factory settings panel displays the details of a specific audit event
factory. The auditor uses this panel to manage and create audit event
factory configurations.
Audit monitor collection Use this page to
configure audit subsystem failure notifications.
The Auditor monitor panel lists the existing notification configurations
and is the gateway for creating new notification configurations and
for managing the existing notification configurations.
Audit notification settings Use this page
to create and manage notification configurations that define how auditors
are made aware of audit subsystem failures.
Audit record encryption configuration settings Use
this page to enable encryption for your audit records.
Encrypting your audit records ensures only a user given access to
the certificate used for encryption is allowed to view the audit records.
Audit record keystore settings The Audit record keystore panel is used by an auditor to
define the keystores used for storing the encryption certificate used
to encrypt the audit records. Keystores used for auditing are managed
outside of other keystores being used on the system to facilitate
separation of the authority of the auditor from the authority of the
administrator.
Audit record signing configuration settings Use
this page to enable signing for your audit records.
Signing audit records ensures tamper-proof recording of the auditable
events. Both the auditor and administrator roles are required to configure
the signing of your audit data.
Audit service provider collection The Audit
service provider panel displays a listing of all configured audit
service provider implementations. Using this panel, a user can define
a new audit service provider implementation, delete an existing implementation,
and display or modify the fields associated with an existing implementation.
Audit service provider settings Use this page to define the implementation details of the
audit service provider. There are three types of audit service providers:
binary file-based, third party and SMF.
Configuration entry settings for Java Authentication and Authorization
Service Use this page to specify a list of Java Authentication and Authorization Service
(JAAS) login configurations for the application code to use, including
Java Platform, Enterprise Edition (Java EE) components such as enterprise
beans, JavaServer Pages (JSP) files, servlets, resource adapters,
and message-driven beans (MDBs).
Configure security domains Use this page to configure the security attributes of a
domain and to assign the domain to cell resources. For each security
attribute, you can use the global security settings or customize settings
for the domain.
Convert certificates Use this page to convert certificates to the selected security
standard. All certificates in keystores associated with a Secure
Sockets Layer (SSL) configuration are converted.
Dynamic inbound and outbound endpoint SSL configurations collection Use this page to manage dynamic endpoint Secure Sockets
Layer (SSL) configurations, which represent associations between Secure
Socket Layer (SSL) configurations and their target protocol, host,
and port.
Dynamic outbound endpoint SSL configuration settings Use this page to set properties for dynamic outbound endpoint
SSL configurations, which represent associations between SSL configurations
and their target protocol, host, and port.
Event type filter settings The Event type filter settings panel is used by an auditor
to manage and create event type filters. Default event type filters
are included; this panel allows additional event type filters
to be added. Existing event type filters are also managed using this
panel.
Event type filters collection The Event type
filters panel displays a listing of all
configured audit specifications with their unique names, the state
of their enablement, and the event types and event outcomes that are
specified for each configuration.
External Java Authorization Contract for Containers provider
settings Use this page to configure the application server to use
an external Java Authorization
Contract for Containers (JACC) provider. For example, the policy class
name and the policy configuration factory class name are required
by the JACC specification.
External realm name Use this page to add a WebSphere Application Server realm
that is external to this cell. The realm is initially not trusted.
Use the Trusted authentication realms - inbound page to establish trust.
Extract certificate Use this page to extract the signer from the personal certificate
and store it in a file. The certificate can be added to a trust store
for trust verification. When extracting the signer from a chained
personal certificate, the signer at the top level of the chain is
extracted.
Extract certificate request Use this page to extract a certificate request to a file
so it can be sent to a certificate authority (CA).
Extract signer certificate Use this page to extract a signer certificate from the
keystore to a file so that it can be added elsewhere.
Federated repository wizard settings Use
this security wizard page to complete the basic requirements
to connect the application server to a federated repository.
Global security settings Use this page to configure administration and the default
application security policy. This security configuration applies to
the security policy for all administrative functions and is used as
a default security policy for user applications. Security domains
can be defined to override and customize the security policies for
user applications.
Java 2 Connector authentication data entry settings Use this page as a central place for administrators to
define authentication data, which includes user identities and passwords.
Resource adapters, data sources, and other configurations that require
authentication data can reference these authentication data entries
using an alias.
Kerberos authentication settings Use this page to configure and to verify Kerberos as the
authentication mechanism for the application server.
Key managers collection Use this page to define the implementation settings for
key managers. A key manager is invoked during a Secure Sockets Layer
(SSL) handshake to determine which certificate alias is used. The
default key manager (WSX509KeyManager) performs alias selection. If
more advanced function is desired, define a custom key manager on
the Manage endpoint security configurations panel.
Key managers settings Use this page to define key manager implementation settings.
A key manager is invoked during a Secure Sockets Layer (SSL) handshake
to determine the certificate alias to be used. The default key manager
(WSX509KeyManager) performs alias selection. If more advanced function
is desired, a custom key manager can be specified here and selected
in the SSL configuration.
Key set groups collection Use this page to manage groups of public, private, and
shared keys. These key groups enable the application server to control
multiple sets of Lightweight Third Party Authentication (LTPA) keys.
Key sets collection Use this page to manage key sets, which control a set of
key instances of the same type for use in cryptographic operations.
The keys can either be generated using a custom class or reference
keys that already exist in a keystore.
Key sets settings Use this page to set the properties for a new key set.
Key store settings Use this page to create all keystore types, including cryptographic,
Resource Access Control Facility (RACF),
Certificate Management Services (CMS), Java,
and all truststore types.
Keystores and certificates collection Use this page to manage keystore types, including cryptography,
Resource Access Control Facility (RACF), Certificate Management Services (CMS), Java,
and all truststore types.
Keystores and certificates exchange signers Use this page to extract the signer part of a personal
certificate from one keystore and add it to another keystore as a
signer certificate. Signer certificates can also be listed, and they
will be added to the other keystore as well.
LTPA Use this page to specify the shared keys and configure
the authentication mechanism that is used to exchange information
between servers. You can also use this page to specify the amount
of time that the authentication information remains valid and specify
the single sign-on configuration.
Manage FIPS Use this page to disable Federal Information Processing
Standards (FIPS) or to enable security standards that are required
by the government.
Manage endpoint security configurations Use this page to select a Secure Socket Layer (SSL) configuration
from the Local Topology hierarchy, which includes cells, nodes, node
groups, servers, and clusters.
New Administrative Authorization Group Use this page
to create a new administrative authorization
group and to specify the associated administrative resources.
Notifications Use this page to specify the generic notification definitions
that are used in certificate expiration monitors.
Notifications settings Use this page to set properties for new notifications used
in certificate expiration monitors or for security audit subsystem
failures.
Personal certificate requests collection Use this page to manage personal certificate requests.
Personal certificate requests are temporary place holders for certificates
that will be signed by a certificate authority (CA).
Personal certificate requests settings Use this page to create a new certificate request that
can be extracted and sent to a certificate authority (CA).
Proxy security level properties These settings describe the attributes and policies that
define the security level of a secured proxy server. The overall security
level of the secured proxy server is set to the weakest level of security
assigned to any of the individual settings.
Quality of protection (QoP) settings Use this page to specify security level, ciphers, and mutual
authentication settings for the Secure Socket Layer (SSL) configuration.
Receive certificate from CA Use this page to import your personal certificate from
the certificate authority (CA). The imported certificate replaces
the temporary certificate associated with the public/private keys
in the certificate request that is stored in the key store.
Replace a certificate Use this page to specify two certificates: the first selected
certificate is replaced by the second selected certificate. The replace
function replaces all the old signer certificates in key stores that
are managed throughout the cell with the new signer from the new certificate.
The same level of trust that was established with the old certificate
is maintained. Every place where the old certificate's alias is referenced in
the security configuration is updated to the new certificate's
alias. The alias can be referenced on a security object such as the
SSL configuration, the dynamic outbound endpoint SSL configuration,
and key set groups.
Retrieve from port Use this page to retrieve a signer certificate from a remote
SSL port. The system connects to the specified remote SSL host and
port and receives the signer during the handshake using an SSL configuration.
SPNEGO web authentication enablement You can enable the Simple and Protected GSS-API Negotiation
(SPNEGO) as the web authenticator for WebSphere Application Server.
SPNEGO web authentication filter values The Simple and Protected GSS-API Negotiation Mechanism
(SPNEGO) web authentication filter values control different aspects
of SPNEGO. Use this page to specify different filter values for each
application server.
SSL certificate and key management Use this page to configure security for Secure Socket Layer
(SSL) and key management, certificates, and notifications. The SSL
protocol provides secure communications between remote server processes
or endpoints. SSL security can be used for establishing communications
inbound to and outbound from an endpoint. To establish secure communications,
a certificate and an SSL configuration must be specified for the endpoint.
SSL configurations for selected scopes Use this page to display Secure Socket Layer (SSL) configurations
for selected scopes, such as a cell, node, server, or cluster. From
this page you can navigate to configuration panels for the following:
SSL configurations, dynamic inbound and outbound endpoint SSL configurations,
key stores, key sets, key set groups, key managers, and trust managers.
SSL inbound channel Use this page to determine which SSL inbound channel options
to specify for the application server.
Secure Authentication Service inbound transport settings Use this page to specify transport settings for connections
that are accepted by this server using the Secure Authentication Service
(SAS) authentication protocol. The SAS protocol is used to communicate
securely to enterprise beans with previous releases of the application
server.
Security Auditing detail The Security auditing
subsystem can be enabled and configured from this panel, by users
assigned the auditor role.
Security custom property collection Use this page to view
and manage arbitrary name-value pairs of
data, where the name is a property key and the value is a string value
that can be used to set internal system configuration properties.
Security custom property settings Use this page to configure arbitrary name-value pairs of
data, where the name is a property key and the value is a string
value that can be used to set internal system configuration properties.
Defining a new property enables you to configure a setting beyond
that which is available in the administrative console.
Security domains collection Security domains provide a mechanism to use different security
settings for administrative applications and user applications. They also
provide the ability to support multiple security settings so different application
servers can use different security attributes like user registry or login
configurations.
Server-level security settings Use this page to enable server-level security and specify
other server-level security configurations.
Signer certificate settings Use this page to verify the general properties of the selected
signer certificate.
Signer certificates collection Use this page to manage signer certificates in key stores.
Signer certificates are used by Java Secure
Socket Extensions (JSSE) to validate certificates sent by the remote
side of the connection during a Secure Sockets Layer (SSL) handshake.
If a signer does not exist in the trust store that can validate the
certificate sent, the handshake fails and generates an "unknown certificate"
error.
Single sign-on settings Use this page to set the configuration values for single
sign-on (SSO).
Specify extent of protection wizard settings Use
this security wizard page to determine whether to enable application
security and restrict access to local resources. When you use the
wizard, admin security is enabled by default.
Stand-alone custom registry wizard settings A wizard page exists in the administrative console to aid
in viewing the basic settings necessary to connect the application
server to an existing stand-alone custom registry. After you have
viewed the basic settings, you can also modify the existing stand-alone
custom registry configuration using the administrative console.
Standalone LDAP registry settings Use this page to configure Lightweight Directory Access
Protocol (LDAP) settings when users and groups reside in an external
LDAP directory.
Standalone LDAP registry wizard settings Use
this security wizard page to provide the basic settings
to connect the application server to an existing Lightweight Directory
Access Protocol (LDAP) registry.
Trust association settings Use this page to enable trust association, which integrates
application server security and third-party security servers. More
specifically, a reverse proxy server can act as a front-end authentication
server while the product applies its own authorization policy onto
the resulting credentials passed by the proxy server.
Trust managers collection Use this page to define the implementation settings for
the trust manager. A trust manager is a class that is invoked during
a Secure Sockets Layer (SSL) handshake to make trust decisions about
the remote end point. A default trust manager is used to validate
the signature and expiration of the certificate. Custom trust managers
can be plugged in to perform an extended certificate and host name
check.
Trust managers settings This page enables you to view and set definitions for trust
manager implementation settings. A trust manager is a class that gets
invoked during a Secure Sockets Layer (SSL) handshake to make trust
decisions about the remote end point. A default trust manager is used
to validate the signature and expiration of the certificate. Custom
trust managers can be plugged in to perform an extended certificate
and hostname check.
Web authentication settings Use this page to specify the web authentication settings
that are associated with a web client.
Writable SAF Keyring settings Use this page to manage existing writable System Authorization
Facility (SAF) keyrings on the z/OS platform.
z/OS Secure Authentication Service settings Use this page to specify authentication settings for requests
that are received and sent by a server that uses the z/OS authentication
protocol. Use the z/OS Secure Authentication Service
(z/SAS) protocol to communicate securely to enterprise beans.
z/OS security options Use this page to determine which Global security options
to specify for the application server for z/OS.