Hitachi

uCosminexus Application Server Security Management Guide


5.13 Procedures to set up the integrated user management function

This section describes the procedures used to set up the integrated user management function.

Cosminexus can perform the integrated management of users who log into Cosminexus-based systems. Integrated user management associates the user information managed by each of the J2EE applications so that a user who logs into one J2EE application can also log into the other J2EE applications. To use the integrated user management function, you must set up the LDAP directory server that stores the user authentication information, and create the integrated user management configuration file.

You must also create the authentication process program, which invokes the standard login modules by using the JAAS API, the integrated user management API provided by Cosminexus, and the JSP tag library. If users must be authenticated in an application-specific way, create custom login modules. To learn more about creating custom login modules, see 5.12 Implementation of custom login module-based user authentication.
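The authentication process program described above, as an added example that is not code from this guide or from Cosminexus: it uses only the standard JAAS API to run whichever login modules jaas.conf lists for one application entry. The entry name PortalRealm is an assumption, as is passing jaas.conf to the JVM through the standard java.security.auth.login.config property; the actual entry names and Java VM properties come from 5.19 and 5.20.

```java
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Authentication process program: hands collected credentials, via the JAAS API, to the login modules of one jaas.conf entry.
public class IntegratedLogin {
    // Answers NameCallback/PasswordCallback from credentials the web tier already collected.
    static final class CredentialHandler implements CallbackHandler {
        private final String user;
        private final char[] password;
        CredentialHandler(String user, char[] password) {
            this.user = user;
            this.password = password;
        }
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    // Refuse callbacks this program does not understand instead of silently ignoring them.
                    throw new UnsupportedCallbackException(cb, "unsupported callback");
                }
            }
        }
    }
    // Returns the authenticated Subject, or null when a login module in the entry rejects the user.
    static Subject login(String entryName, String user, char[] password) {
        try {
            LoginContext lc = new LoginContext(entryName, new CredentialHandler(user, password));
            lc.login();              // runs every module configured for entryName in jaas.conf
            return lc.getSubject();  // carries the principals the modules added
        } catch (LoginException e) {
            // Tell the user only that authentication failed; keep the module detail in server-side logs.
            System.err.println("authentication failed for user " + user);
            return null;
        } finally {
            Arrays.fill(password, '\0');  // wipe the password copy as soon as it has been used
        }
    }
    public static void main(String[] args) {
        // "PortalRealm" is an assumed jaas.conf entry name; the JVM is assumed to be started with -Djava.security.auth.login.config=<path to jaas.conf>.
        Subject s = login("PortalRealm", args[0], args[1].toCharArray());
        System.out.println(s == null ? "login failed" : "principals: " + s.getPrincipals());
    }
}
```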

The following figure shows the procedures used to set up the integrated user management function.

Figure 5‒24: Procedures used to set up the integrated user management function

[Figure]

The details of steps 1 to 9 in the figure are as follows.

  1. Examine how to manage users and determine the range (realm) to which the same authentication is applied.

    Examine the unit used to manage users and determine the realm name. To learn more about determining the realm name, see 5.14 Determination of realm names.

  2. Set up the LDAP directory server.

    The LDAP directory server is required for single sign-on because it manages the single sign-on user information. To learn more about setting up the LDAP directory server, see 5.15 LDAP directory server setup.

    Skip this step when only the default user authentication provided by RDB (HiRDB, Oracle, etc.) is used.

  3. Register the user information used for user authentication in the LDAP directory server or RDB.

    To learn more about registering the user information in the LDAP directory server, see 5.16 Registration of user information. Cosminexus specifies the standard DIT structure of the user management repository stored in the LDAP directory server. To learn more about the repository structure, see 5.2.4 Management method of user information used for integrated user management.

    For details about registering the user information in the RDB, see the RDB documentation.

  4. When single sign-on is used and the single sign-on user information should be encrypted, create the encryption key file used to encrypt and decrypt the user information.

    To learn more about creating the encryption key file, see 5.17 Creation of encryption key files (When using single sign-on).

    Skip this step when single sign-on is not used or the user information does not need to be encrypted.

  5. When single sign-on is used, register the single sign-on user information in the LDAP directory server.

    To learn more about registering the single sign-on user information in the LDAP directory server, see 5.18 Registration of user information (When using single sign-on). Cosminexus specifies the standard DIT structure of the single sign-on user management repository stored in the LDAP directory server. To learn more about the repository structure, see 5.2.4 Management method of user information used for integrated user management.

    Skip this step when single sign-on is not used.

  6. Create configuration files.

    Create the following two files.

    • jaas.conf (the JAAS configuration file)

    • ua.conf (the integrated user management configuration file)

    For details about creating the configuration files, see 5.19 Creating configuration files.

  7. Set up the Java VM properties.

    For details about setting up the Java VM properties, see 5.20 Java VM property setup.

  8. Deploy the EAR file used in integrated user management.

    To learn more about deploying the file, see 5.21 Deployment of files.

  9. Create a backup of the information used in integrated user management when needed.

    Use the commands provided by the LDAP directory service or the directory gateway to back up and restore the LDAP directory server repository. For details, see the LDAP directory server documentation.

    Be sure to back up jaas.conf, ua.conf, and the encryption key files.