Security considerations for Rational Asset Manager

You can take actions to ensure that your installation is secure and set up user access controls.

Enabling security during the installation process

During the installation process, the web container is configured to require users to log in, and a Rational® Asset Manager repository administrator ID and password are set up.

To enable HTTPS and SSL on the application server, see the application server documentation. For example, to get started configuring HTTPS and SSL on IBM® WebSphere® Application Server, see Securing IBM HTTP Server.

In general, you configure security on the application server, not in Rational Asset Manager. For example, Lightweight Directory Access Protocol (LDAP) authentication is delegated to the web container of the application server. To learn more about LDAP configuration, see Configuring for LDAP integration.

Enabling secure communication between multiple applications

Rational Asset Manager uses various secure protocols to integrate with other products, including OAuth, SSL, form-based login authentication, and HTTP basic login authentication. Rational Asset Manager handles only its own authorization; each integrated product performs its own authorization.

To use single sign-on, configure Lightweight Third-Party Authentication (LTPA) in WebSphere Application Server. To learn more about LTPA, see Configuring LTPA and working with keys.

Ports, protocols, and services

Rational Asset Manager does not directly control ports, protocols, and services. You configure ports, protocols, and services on the application server.

Setting up user roles and access

There are no fixed user IDs in Rational Asset Manager. Typically, you configure Rational Asset Manager to use LDAP, so that user IDs are registry-based. You can then create and delete users in the LDAP registry. Additionally, you set up password rules regarding reuse, minimum length, and required characters in the LDAP registry, not in Rational Asset Manager.

Community administrators manage users, including defining roles and permissions. To learn more about defining roles and groups and managing permissions, see Managing users.

Cookies

This software offering does not use cookies or other technologies to collect personally identifiable information. For more information about cookies, see the Notices topic.

The web container in WebSphere Application Server uses session cookies and Lightweight Third-Party Authentication cookies.
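
Because the session and LTPA cookies carry the authenticated state, a useful check after enabling HTTPS is that the web container marks them Secure and HttpOnly. The following is an added example, not part of the product documentation. It assumes the WebSphere default cookie names (JSESSIONID, LtpaToken, LtpaToken2) and uses constructed sample headers; the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers from the web container.
# Assumption: WebSphere default cookie names; change AUTH_COOKIES if your
# deployment renames the session or LTPA cookies.
AUTH_COOKIES = {"JSESSIONID", "LtpaToken", "LtpaToken2"}
REQUIRED = ("secure", "httponly")  # attributes expected once HTTPS is enabled


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_headers):
    """Map each session/LTPA cookie to the required attributes it lacks."""
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name not in AUTH_COOKIES:
            continue  # application cookies are out of scope for this check
        missing = {a for a in REQUIRED if a not in attrs}
        # If a cookie is set more than once, keep every gap that was seen.
        findings[name] = sorted(set(findings.get(name, [])) | missing)
    return findings


# Constructed sample headers, not captured from a real server.
SAMPLE_HEADERS = [
    "JSESSIONID=0000constructedSessionId:-1; Path=/; HttpOnly",
    "LtpaToken2=constructedTokenValue; Path=/; Secure; HttpOnly",
    "uiTheme=dark; Path=/",
]

if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_HEADERS).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie}: {status}")
```

To run it against your own deployment, replace SAMPLE_HEADERS with the Set-Cookie values returned by your application server's login response.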

