You can take actions to ensure that your installation is secure and set up user access controls.
During the installation process, the web container is configured to require users to log in, and a Rational® Asset Manager repository administrator ID and password are set up.
To enable HTTPS and SSL on the application server, see the application server documentation. For example, to get started configuring HTTPS and SSL on IBM® WebSphere® Application Server, see Securing IBM HTTP Server.
In general, you configure security on the application server, not in Rational Asset Manager. For example, Lightweight Directory Access Protocol (LDAP) authentication is delegated to the web container of the application server. To learn more about LDAP configuration, see Configuring for LDAP integration.
Rational Asset Manager uses a variety of secure protocols to integrate with other products, including OAuth, SSL, form-based login authentication, and HTTP basic login authentication. Rational Asset Manager handles only its own authorization; the products it integrates with handle their own authorization.
To use single sign-on, configure Lightweight Third-Party Authentication (LTPA) in WebSphere Application Server. To learn more about LTPA, see Configuring LTPA and working with keys.
There are no fixed user IDs in Rational Asset Manager. Typically, you configure Rational Asset Manager to use LDAP, so that user IDs are registry-based. You can then create and delete users in the LDAP registry. Additionally, you set up password rules regarding reuse, minimum length, and required characters in the LDAP registry, not in Rational Asset Manager.
Community administrators manage users, including defining roles and permissions. To learn more about defining roles and groups and managing permissions, see Managing users.
This software offering does not use cookies or other technologies to collect personally identifiable information. For additional information on cookies, see the Notices topic.
The web container in WebSphere Application Server uses session cookies and Lightweight Third-Party Authentication cookies.