WBSP-AS-001180 - WebSphere Application Server application security must be enabled for each security domain except for publicly available

Information

By default, all administrative and user applications in WebSphere Application Server use the global security configuration. For example, a user registry defined in global security is used to authenticate users for every application in the cell. WebSphere allows for additional WebSphere security domains where different security attributes for some or all of your user applications can be set. These domains must also be configured to use application security.

Solution

Navigate to security >> security domains.

Click through each security domain.

If 'Customize for this domain' is checked for Application Security under the Security Attributes, but 'Enable application security' is not checked, check 'Enable application security'.

Expand 'show' to find all affected nodes and servers.

Click 'OK'.

Click 'Save'.

Synchronize the changes.

Restart all affected nodes and servers.

See Also

http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(c), CAT|I, CCI|CCI-000197, Rule-ID|SV-96057r1_rule, STIG-ID|WBSP-AS-001180, Vuln-ID|V-81343

Plugin: Unix

Control ID: a218aa1cbceeacf499a99c3f26d265492e691d4d1d2b839c3a79f9e0d04c70f8