Bootstrap FreeKB - IBM WebSphere - Getting Started with Administrative Security
IBM WebSphere - Getting Started with Administrative Security

Updated:   |  IBM WebSphere articles

The security.xml file can be used to determine if Administrative Security is enabled. For example, on a Linux system, the security.xml should be located at 

${WAS_INSTALL_ROOT}/profiles/your_profile/config/cells/your_secret/security.xml

 

In the security.xml file, if security:Security has enabled="true" then Administrative Security is enabled. If security:Security has enabled="false" then Administrative Security is not enabled. 

<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="true" cacheTimeout="600" issuePermissionWarning="false" activeProtocol="BOTH" enforceJava2Security="false" enforceFineGrainedJCASecurity="false" appEnabled="false" dynamicallyUpdateSSLConfig="true" allowBasicAuth="true" activeAuthMechanism="LTPA_1" activeUserRegistry="LDAPUserRegistry_1" defaultSSLSettings="SSLConfig_1">

 

If you are able to sign into the WebSphere admin console, expand Security and select Global security to determine if administrative security is enabled.

 

When creating a profile, if the -enableAdminSecurity, -adminUserName, and -adminPassword options were not used, administrative security will not be enabled.

 

When administrative security is not enabled, you will be able to sign into the web console simply by pressing Log in without having to provide a username.

 

To require users to provide a username and password to access the WebSphere web console, select a user account registry and create a primary administrative user account, enable administrative security, select save, and then sign out of the web console. It is noteworthy that application security will also be enabled by administrative security is enabled.

 

Or wsadmin can be used to disable Administrative Security. You may want to use -conntype NONE when performing this task.

${WAS_INSTALL_ROOT}/your_profile/DevOCMMgr01Profile/bin/wsadmin.sh -conntype NONE
wsadmin> securityoff
wsadmin> AdminConfig.save()
wsadmin> quit

 

Or you can enable Administrative Security.

${WAS_INSTALL_ROOT}/your_profile/DevOCMMgr01Profile/bin/wsadmin.sh -conntype NONE
wsadmin> securityon
wsadmin> AdminConfig.save()
wsadmin> quit

 

Restart the application server or dmgr for this change to take effect. If you enabled Administrative Security, you should now be required to provide a username and password to be able to sign into the web console.




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter f9f179 in the box below so that we can be sure you are a human.