Add wording to indicate webAppSecurity authentication mechanisms apply to user applications only.

[chirp1]

Please describe the problem you are having with the documentation. Is information missing, inaccurate, or unclear? Tell us about the context where you encountered the problem so we can understand how to address it.
Add wording to Configuring JMX connections so that customers know certain authentication mechanisms apply to user applications only, not to system applications.

Use the following wording or something similar:

Authentication mechanisms that are described in webAppSecurity apply to user applications only and cannot be used with the rest connector feature.

@una-tapa , kelly hasler

[dmuelle]

Hi Karen- just looking over this issue- the Configuring JMX connections page doesn't mention the webAppSecurity element or link to it's doc- is this the correct page for the update? IF so, we might want to provide more context.
I found these pages that mention webAppSecurity-
Authentication cache: Supported SSO Mechanism
Network security hardening- LTPA best practices
Server configuration hardening- Basic best practices
Track logged-out SSO cookies
Troubleshooting security - Single sign-on (SSO) does not work as servers don't share the Coordinated Universal Time and user registry

[dmuelle]

Hi @chirp1 - the draft is updated:

https://docs-draft-openlibertyio.mqj6zf7jocq.us-south.codeengine.appdomain.cloud/docs/latest/configuring-jmx-connection.html

We dont generally use the NOTE syntax in Open Liberty so I added the statement to the end of the first paragraph, where it talks about enabling admin REST connector and the default config.

[chirp1]

@dmuelle Hi David, The update looks good to me. Thanks!