WebSphere federated repository – lesson learned

When configuring WebSphere Portal to use the federated repository for non-prod environments, you have the option to leave the wasadmin and wpsadmin users in the defaultWIMFileBasedRealm. With this configuration, you should be able to login to the deployment manager and WebSphere Portal even if your federated user repository is down. I learned today, however, that it’s not enough to simply leave the administrative users there. There’s also a very important configuration option that must be checked or the whole plan is kaput.

In the WebSphere Integrated Solutions Console (WAS admin interface, deployment manager), under Security, click Global Security as indicated below…

Next, click the ‘Configure…’ button for the Federated repositories realm definition…

Check the checkbox to Allow operations if some of the repositories are down as shown below. If you don’t do that then everything’s dead after one of your repositories fail, so it wouldn’t even matter that your administrative users are still in the defaultWIMFIleBasedRealm.

Recently we changed our Active Directory (AD) server configuration and I needed to access my Deployment Manager to change the AD host, but I could not login to the Deployment Manager because I’d overlooked this setting. Both me and one of my colleagues burned some valuable time getting around this. So, if you’re counting on this strategy to save you too, perhaps you should double-check this setting now – before you have to actually rely on it.