Supported Realm Types

The following realms are supported:

file

The file realm is the default realm when you first install the Application Server. It has the following configuration characteristics:

Required properties are as follows:

The user information file is initially empty, so you must add users before you can use the file realm.

ldap

The ldap realm allows you to use an LDAP database for user security information. It has the following configuration characteristics:

Required properties are as follows:

You can add the following optional properties to tailor the LDAP realm behavior.

You must create the desired user(s) in your LDAP directory. You can do this from the Directory Server console in the Users & Groups main tab, or through any other administration tool that supports LDAP and your directory’s schema.

The principal-name used in the deployment descriptors must correspond to your LDAP user information.

certificate

The certificate realm supports SSL authentication. This realm sets up the user identity in the Application Server’s security context, and populates it with user data obtained from cryptographically verified client certificates in the truststore.jks and keystore.jks files, which are located in domain_dir/config by default. (See Changing the Location of the cacerts.jks and keystore.jks Files.) The J2EE containers then handle authorization processing based on each user’s DN from his or her certificate.

This realm has the following configuration characteristics:

You can add the following optional property to tailor the certificate realm behavior.

solaris

The solaris realm allows authentication using Solaris user name and password data. This realm is supported only on Solaris 9. It has the following configuration characteristics:

Required properties are as follows:

See also:

