Disable WAS global security
Overview
To turn off WAS global security and disable WebSphere Portal security, run the disable-security task.
To enable global security that has been disabled, and to configure WebSphere Portal security...
If this is a cluster environment, stop all cluster members before disabling or enabling security.
Procedure
- Make a backup of the security.xml file:
WAS_PROFILE/config/cells/cellname/security.xml
- Edit the security.xml file.
- Search for the first instance of "enabled=". You should see: enabled="true"
<security:Security xmi:version="2.0" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="true" cacheTimeout="600" issuePermissionWarning="true" activeProtocol="BOTH" enforceJava2Security="false" enforceFineGrainedJCASecurity="false" activeAuthMechanism="LTPA_1" activeUserRegistry="CustomUserRegistry_1" defaultSSLSettings="SSLConfig_1">
- Change this to enabled="false"
- Save the security.xml file.
- Copy the security.xml file to the nodes:
node_1_profile/config/cells/cellname/security.xml
node_2_profile/config/cells/cellname/security.xml
- Restart the server1 and WebSphere_Portal servers. If you get authentication exceptions while trying to stop the servers, you may need to manually kill the servers' processes and then restart them.
- Edit the wpconfig.properties and wpconfig_dbdomain.properties files:
portal_server_root/config/
- Enter the values that are appropriate for the environment.
WAS configuration properties
Property: WasUserid
Value: User ID for WAS security authentication. The fully qualified DN of a current administrative user for the WAS. For LDAP configuration this value should not contain spaces.
Make sure to type the value in lower case, regardless of the case used in the DN. If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.
Examples, when using LDAP security:
Tivoli Directory Server: uid=wpsbind,cn=users,dc=example,dc=com
Lotus Domino: cn=wpsbind,o=example.com
Active Directory: cn=wpsbind,cn=users,dc=example,dc=com
Sun Java System Directory Server: uid=wpsbind,ou=people,o=example.com
Novell eDirectory: uid=wpsbind,ou=people,o=example.com

Property: WasPassword
Value: The password for WAS security authentication.
Portal configuration properties
Property: PortalAdminPwd
Value: Set this to wpsadmin

Property: PortalAdminGroupId
Value: Set this to wpsadmins
Database properties in wpconfig_dbdomain.properties
Ensure that all database properties in the wpconfig_dbdomain.properties file point to valid values, especially the following values:
Property: wmm.DbUser
Value: User ID for the database administrator. For SQL Server and non-wmm databases only, unless you are the system administrator, the values for dbdomain.DbUser and dbdomain.DbSchema must be the same.
For Oracle and SQL Server servers, this value must be set to FEEDBACK, which corresponds to the user FEEDBACK in the database. If the user you are using is an administrative user that has authority over the FEEDBACK schema, the administrative user should be entered for the dbdomain.DbUser property.
Default:
Release: db2admin
Community: db2admin
Customization: db2admin
JCR: db2admin
WMM: db2admin
Feedback: db2admin
LikeMinds: db2admin

Property: wmm.DbPassword
Value: The password for the database administrator. A value must be set for this property; it cannot be empty.
- If you are using LDAP with a LookAside database, set the LookAside property (in the LDAP properties section) to false.
- Save and close the wpconfig.properties and wpconfig_dbdomain.properties files.
- If this is a clustered environment, ensure the deployment manager and all node agents are active.
- Enter the following commands...
cd was_profile_root/bin
./stopServer.sh server1 -user admin_userid -password admin_password
./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
cd portal_server_root/config/
./WPSconfig.sh disable-security -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password
For i5/OS:
cd app_server_root/bin
stopServer -profileName profile_root -user admin_userid -password admin_password
stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
cd portal_server_root/config/
WPSconfig.sh -profileName profile_root disable-security -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password
- Verify what servers are running:
cd was_profile_root/bin
i5/OS:
cd app_server_root/bin
serverStatus -all -profileName profile_root
- Start any servers that are not running.
If this is a clustered environment, ensure the deployment manager and all node agents are active.
- At this point security should be disabled, which we can verify by accessing the DMGR AdminConsole. You should be prompted for only a username, not a password.
If any user settings or configurations (role assignments or personalization of resources) were made while security was enabled, these settings remain with the user references in the portal configuration until the portal user database is cleaned.
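
The security.xml steps at the start of the procedure (back up the file, change enabled on the security:Security element, copy it to the nodes), written as shell functions together with a check that every copy agrees. This is an added example, not IBM's code: the function names, file names and sample file are constructed, and it assumes the element's opening tag sits on one line as shown above.

```shell
# Added example; function names, file names and sample data are constructed.

# Print enabled= from the <security:Security ...> root element only; nested
# elements carry their own enabled= attributes. Assumes a one-line opening tag.
security_state() {
    sed -n 's/.*<security:Security [^>]*[[:space:]]enabled="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Back up security.xml, then set the root element's enabled attribute to false.
# Refuses to run if a backup exists, so a good backup is never overwritten.
disable_global_security() {
    [ ! -e "$1.bak" ] || { echo "backup exists: $1.bak" >&2; return 1; }
    cp -p "$1" "$1.bak" || return 1
    sed '/<security:Security /s/\([[:space:]]enabled=\)"true"/\1"false"/' "$1.bak" > "$1"
}

# Compare the root enabled= value across all copies (cell master and nodes).
# Returns non-zero if any copy has no readable value or differs from the first.
check_copies() {
    first=$(security_state "$1"); rc=0
    for f in "$@"; do
        s=$(security_state "$f")
        echo "$f: enabled=${s:-unknown}"
        { [ -n "$s" ] && [ "$s" = "$first" ]; } || rc=1
    done
    return "$rc"
}

# Constructed sample: a root element plus a nested element with its own enabled=.
write_sample() {
    cat > "$1" <<'EOF'
<security:Security xmi:version="2.0" xmi:id="Security_1" useLocalSecurityServer="true" enabled="true" cacheTimeout="600" activeAuthMechanism="LTPA_1">
  <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1" timeout="120">
    <singleSignon xmi:id="SingleSignon_1" requiresSSL="false" enabled="true"/>
  </authMechanisms>
</security:Security>
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample "$d/dmgr.xml"; cp "$d/dmgr.xml" "$d/node_1.xml"
    disable_global_security "$d/dmgr.xml"
    check_copies "$d/dmgr.xml" "$d/node_1.xml" || echo "node copy is stale"
    cp "$d/dmgr.xml" "$d/node_1.xml"
    check_copies "$d/dmgr.xml" "$d/node_1.xml" && echo "copies agree"
    rm -rf "$d"
}
demo
```

Running check_copies against the deployment manager and node copies after the copy step shows whether any node still carries the old setting; security_state on its own reports whether global security is currently switched off in a given file.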