December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Categories

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

How to disable WebSphere Global Security for one Application Server in a secure cell

Problem(Abstract)

In a WebSphere Application Server cell where Global Security is enabled, you may want to disable security for individual application servers, for example, when you run some applications that can be accessed anonymously, while others require authentication.

This can be done either from the Application Server Administrative Console or using wsadmin.

Resolving the problem

Solution using Administrative Console:

  1. Go to “Application Servers”
  2. Select the appropriate server
  3. Select “Server security”
  4. Select “Server level security”
  5. Disable the “Enable global security” checkbox
  6. Save the settings and synchronize

Solution using wsadmin:
(assume you want to disable security for server1 on node WASI02Base.)

  1. start wsadmin in Deploymentmanager/bin directory
    wsadmin>$AdminConfig list Security
    (cells/WASICELL:security.xml#Security_1106748574007)
  2. wsadmin>$AdminConfig list Server
    dmgr(cells/WASICELL/nodes/WASI02DMGR/servers/dmgr:server.xml#Server_1)
    jmsserver(cells/WASICELL/nodes/wasi01base/servers/jmsserver:server.xml# Server_1106748571434)
    nodeagent(cells/WASICELL/nodes/WASI02Base/servers/nodeagent:server.xml# Server_1)
    nodeagent(cells/WASICELL/nodes/wasi01base/servers/nodeagent:server.xml# Server_1106748571153)
    server1(cells/WASICELL/nodes/WASI02Base/servers/server1:server.xml#Server_1)
    server1(cells/WASICELL/nodes/wasi01base/servers/server1:server.xml#Server_1)
  3. wsadmin>set server [$AdminConfig getid /Cell:WASICELL/Node:WASI02Base/Server:server1]
    server1(cells/WASICELL/nodes/WASI02Base/servers/server1:server.xml#Server_1)
  4. wsadmin>$AdminConfig list Security $server
  5. wsadmin>$AdminConfig create Security $server {{enabled false}}
    (cells/WASICELL/nodes/WASI02Base/servers/server1:security.xml#Security_1151410503621)
  6. wsadmin>$AdminConfig save

The result of both solutions described above (Administrative Console and wsadmin), is a separate security.xml file for server1 containing security enabled=’false’.
After restarting server1, its applications (For example, Snoop) can be accessed without being
prompted for userid and password as it was before, while security for the other servers in the cell is still active.

Remark:
It does not work the other direction. You cannot enable Server Level Security, when the cell-wide Global Security is disabled.

WebSphere Global Security OFF

This is a massive pain, WAS 6.1 is failing with my new SSL certs with larger (2048) size keys. No matter how perfectly configured my Node Default Trust Store looks with it’s happy Signer Certificate, the SSL connection still fails.

I changed a setting to do with SSL – I knew that was a bad idea! Server won’t let me back in the console, time to turn off security.

To disable global security either edit the security.xml file or use the wsadmin tool.

$WAS_HOME\config\cells\cellname\security.xml

Using WAS command-line client wsadmin (run with was user or root privileges):
1. Open a connection to local WAS in offline mode
wsadmin -conntype NONE

2. Turn off global security
wsadmin> securityoff

3. Save
wsadmin> $AdminConfig save

WebSphere Administrative (WAS) Console: turn off global security
Article ID:558727
Description:
I am locked out of the  WebSphere Administrative (WAS) console and have forgotten the password.  I want to turn off the WebSphere Application Server global security from outside the WAS console so I can login to the WebSphere Administrative console. How do I do this?  
Resolution:
To do this you can either modify the security.xml file in WAS or use the ./wsadmin tool to make this change:
  1. Login as root to Lawson Insight Desktop (LID).
  2. Navigate to the $WAS_HOME/profiles/Dmgr01/bin directory.
  3. Run the WAS command line client in offline mode, ./wsadmin -conntype NONE
  4. Turn off global security by entering securityoff from the wsadmin> prompt.
  5. Save this by executing $AdminConfig save from the wsadmin> prompt.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>