WebSphere

 

Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Disabling WebSphere Application Server global security

If WebSphere Application Server global security is enabled, you can either disable it manually before modifying your security configuration (as described below), or use the configuration wizard to configure your LDAP user registry. The configuration wizard disables WebSphere Application Server global security automatically.

IBM recommends to always have security enabled, except when configuring security; otherwise, certain applications may not function properly.

To turn off WebSphere Application Server Global Security and disable IBM® WebSphere® Portal Express security, run the disable-security task. To enable WebSphere Application Server Global Security that has been disabled and configure WebSphere Portal Express security, run the enable-security-ldap, enable-security-wmmur-ldap, or enable-security-wmmur-db tasks.

If this is a cluster environment, stop all cluster members before disabling or enabling security using the appropriate tasks.

 

Password considerations: For security reasons, you should not store passwords in the wpconfig.properties file. IBM recommends that you edit the wpconfig.properties and wpconfig_dbdomain.properties files prior to running a security task, inserting the passwords needed for that task. Then, after the task has run, you should delete all passwords from the wpconfig.properties and wpconfig_dbdomain.properties files. For more information, see Deleting passwords from configuration scripts.

Alternatively, you can specify the password on the command line using the following syntax:

As with other properties, each password property must have the -D prefix and be set equal to (=) a value. If you have multiple properties in a single command, use a space character between each -Dproperty=value setting.

 

Steps for this task:

  1. Use a text editor to open the wpconfig.properties and wpconfig_dbdomain.properties files:

  2. Enter the values that are appropriate for your environment: Note the following:

    • Do not change any settings other than those specified in these steps. For instructions on working with these files, see Configuration properties reference for a complete properties reference, including default values.

    • Use / instead of \ for all platforms.

    • Some values, shown here in italics, might need to be modified for your specific environment.

    In the wpconfig.properties file, find the WebSphere Application Server Properties section:

    Property Value
    WasUserid The user ID for WebSphere Application Server security authentication. For an LDAP configuration this should be the fully qualified distinguished name (DN) of a current administrative user for the WebSphere Application Server. For a configuration using Member Manager User Registry database the short version of the distinguished name must be used.

    Make sure to type the value in lower case, regardless of the case used in the distinguished name (DN). If a value is specified for WasUserid, a value must also be specified for WasPassword. If WasUserid is left blank, WasPassword must also be left blank.

    For an LDAP configuration this value should not contain spaces.

    Type: Alphanumeric text string

     

    Value: ReplaceWithYourWasUserid

    WasPassword The password for WebSphere Application Server security authentication.

    If a value is specified for WasPassword, a value must also be specified for WasUserid. If WasPassword is left blank, WasUserid must also be left blank.

    Type: Alphanumeric text string

     

    Value: ReplaceWithYourWasPassword

    In the wpconfig.properties file, find the Portal Config Properties section:

    Property Value
    PortalAdminId The user ID for the WebSphere Portal Express administrator, which should be the short name.

    Type: Alphanumeric text string.

     

    Value: The portaladminid used before enabling security

    PortalAdminPwd The password for the WebSphere Portal Express administrator, as defined in the PortalAdminId property.

    Type: Alphanumeric text string.

     

    Value: The portaladminpwd used before enabling security

    PortalAdminGroupId The group ID for the group to which the WebSphere Portal Express administrator belongs.

     

    Value: The portaladmingroupid used before enabling security

    In the wpconfig_dbdomain.properties file, find the WMM Database Properties section:

    Ensure that all database properties in the wpconfig_dbdomain.properties file reflect the current database settings, especially the following values:

    Property Value
    wmm.DbUser The user ID for the database administrator

    Type: Alphanumeric text string.

     

    Value: The ReplaceWithYourwmmDbAdmin

    wmm.DbPassword The password for the database administrator

    Type: Alphanumeric text string.

     

    Value: The ReplaceWithYourwmmDbPwd

  3. Perform this task only if you are using LDAP with a LookAside database. Change the LookAside property in the LDAP properties section of the wpconfig.properties file to true.

  4. Save and close the wpconfig.properties and wpconfig_dbdomain.properties files.

  5. Perform the following commands to see what servers are running and then stop and/or start the servers. If you are running with security enabled on WebSphere Application Server, specify a user ID and password for security authentication when entering the commands.

    If this is a clustered environment, ensure the deployment manager and all node agents are active.

    1. Open a command prompt and change to the following directory:

    2. Run the following command to see what servers are running:

      • Linux:

        ./serverStatus.sh -all -user admin_userid -password admin_password

      • Windows:

        serverStatus -all -user admin_userid -password admin_password

      • i5/OS:

        serverStatus -all -profileName profile_root -user admin_userid -password admin_password

        where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

    3. Enter the following command:

      • Linux:

        ./stopServer.sh server1 -user admin_userid -password admin_password

      • Windows:

        stopServer.bat server1 -user admin_userid -password admin_password

      • i5/OS:

        stopServer.sh server1 -profileName profile_root -user admin_userid -password admin_password

        where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

      server1 is the name of your WebSphere Application Server administrative server.

    4. Enter the following command:

      • Linux:

        ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password

      • Windows:

        stopServer.bat WebSphere_Portal -user admin_userid -password admin_password

      • i5/OS:

        stopServer.sh WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password

        where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

  6. Open a command prompt.

  7. Change to the directory where WebSphere Portal Express is installed, on the corresponding operating system:

  8. Enter the appropriate command to run the configuration task:

    • Linux:

      ./WPSconfig.sh disable-security -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password

    • Windows:

      WPSconfig.bat disable-security -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password

    • i5/OS:

      WPSconfig.sh -profileName profile_root disable-security -DWasPassword=password -DPortalAdminPwd=password -Dwmm.DbPassword=password

      where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

    Check the output for any error messages before proceeding with any additional tasks. If any of the configuration tasks fail, verify the values in the wpconfig.properties file.

  9. Perform the following steps to verify the server status and start any servers that are stopped:

    1. Open a command prompt and change to the following directory:

    2. Enter the appropriate command to verify what servers are running:

      • Linux:

        ./serverStatus.sh -all -user admin_userid -password admin_password

      • Windows:

        serverStatus -all -user admin_userid -password admin_password

      • i5/OS:

        serverStatus -all -profileName profile_root -user admin_userid -password admin_password

        where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

      Start any servers that are not running.

      If this is a clustered environment, ensure the deployment manager and all node agents are active and synchronized. For a typical clustered environment wait 30 minutes after synchronization has completed before starting any servers to allow sufficient time for EAR expansion to complete.

    If any user settings or configurations (role assignments or personalization of resources) were made while security was enabled, these settings remain with the user references in the portal configuration until the user database is cleaned.

 

Parent topic:

Disabling global security