An Unsecured console
To learn about how Global Security is configured, we will start by creating a WAS profile that is not secured, then we can look at how to set up Global Security step by step.
To create a profile that is unsecured, we can simply use the custom script we use in previous guides. This script is called was8manage.sh (This comes with a purchased course)
|
|
Note: If you have not read the guides on installing WAS and creating profiles using the was8manage.sh, then please review them, and read the was8manage.Usage Guide, which explains how the script works. It is worth your while to learn this script as it will save you hours of manual effort and serves as a great starter towards you WAS automation. You can purchase this course from http://www.themiddlewareshop.com/prodcucts from 01-June-2015 (maybe before) |
First we set up our environment configuration file, and ensure that the variables that contain the Admin Username and Admin Password are null. Below is an example of such a configuration file which we have named appserver_unsecure.conf.
| ######################################################################## #WEBSPHERE APPLICATION SERVER Configuration Template for was8manage.sh #This file is used to pass variables to the script ######################################################################## AUDIT_LOG_DIR=/var/log/was #Type TYPE=appserver #WebSphere Application Server (Standalone) properties
UNIQUE_CELL_NAME=DV_AppServer01 #ENV is unused at this time, it is just an audit var ENV=WASDEV_855_DV HOST=localhostcell01 PROFILE_NAME=DV_AppServer01Prof NODE_NAME=DV_AppServer01 #Use default ports when START_PORT = null START_PORT= DMGR_ADMIN_USER= DMGR_ADMIN_PASSWORD=
# Directories for target install #Default WAS installation location can be changed WAS_BINARY_DIR=/opt/IBM/WebSphere/AppServer WAS_PROFILE_DIR=/opt/IBM/WebSphere/AppServer/profiles
# General Installer parameters SCRIPT_DIR=/var/apps/scripts/was8manage
#Variables that can are designed to be customised as required i.e. other than defaults INSTALL_SHARED_DIR=/var/IM/im-shared IM_TOOLS_DIR=/opt/IBM/InstallationManager/eclipse/tools INSTALL_REPOSITORY_DIR=/var/apps/installs/WAS_DEV_8.5.5.0 INSTALL_LOG=~/wadev8.5.5_install_log.xml INSTALL_FEATURES=”com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044,core.feature,com.ibm.sdk.6_64bit” UNINSTALL_FEATURES=”com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044″
#Specific Fix Pack variables for UPDATE, are passed as variables via command line to was8admin.sh #Specific Fix Pack variables for ROLLLBACK are passed as variables via command line to was8admin.sh
#The IM_INSTALLER_SRC_DIR variable sets the location of the IBM Installation Manager (IM) installable IM_INSTALLER_SRC_DIR=/var/apps/installs/IM1.8.1 #if -installationDirectory is not used, then the default is: /var/ibm/InstallationManager #NOTE: Maybe implement use of -dataLocation flag, as the default location is /opt/IBM/InstallationManager/eclipse #The IM_DIR is where the IM base binaries will be installed. Note: Use the -installationDirectory directory option to specify a non-default installation directory IM_DIR=/var/ibm/InstallationManager #The Agent Data Directory is the directory that contains information about installed packages. This directory is required to update, modify, roll back, or uninstall packages. Stored information includes the state and history of operations. IM_AGENT_DATA_DIR=/opt/IBM/InstallationManager/eclipse
############################################################################## #The lines below are hardly ever modified! <DO NOT CHANGE UNLESS GOOD REASON> ############################################################################## #IBM Installation Manager Install/Uninstall #INSTALL VARIABLES IM_INSTALLER_SRC_CMD=${IM_INSTALLER_SRC_DIR}/installc IM_INSTALLER_SRC_LOG=~/im_install_log.xml IM_INSTALLER_SRC_PARAM=”-log ${IM_INSTALLER_SRC_LOG} -acceptLicense”
#UNINSTALL VARIABLES IM_REMOVE_DIR=${IM_DIR} IM_REMOVE_CMD=${IM_REMOVE_DIR}/uninstall/uninstallc
#WAS 8.5.5 ND install/uninstall using IBM Installation Manager #INSTALL VARIABLES # Example Syntax #./imcl install com.ibm.websphere.ND.v85_8.5.5000.20130514_1044,core.feature,com.ibm.sdk.6_64bit # -installationDirectory /var/apps/was8.5.5 # -sharedResourcesDirectory /var/IM/im-shared # -repositories /var/apps/installs/WAS_8.5.5 # -acceptLicense # -showProgress # -log /var/log/ibm/install/was8.5.5.xml # -preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false
INSTALL_CMD=”${IM_TOOLS_DIR}/imcl install” INSTALL_OPTIONS=”-acceptLicense -showProgress” INSTALL_PREFERENCES=”-preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false”
#UNINSTALL VARIABLES #./imcl uninstall com.ibm.websphere.ND.v85_8.5.5000.20130514_1044 -installationDirectory /var/apps/was8.5.5 UNINSTALL_CMD=”${IM_TOOLS_DIR}/imcl uninstall” UNINSTALL_LOG=${WAS_BINARY_DIR}/logs/manageprofiles/deleteAll.log
#INSTALL FIXPACK VARIABLES #./imcl install offering_ID_offering_version,optional_feature_ID # -repositories source_repository # -installationDirectory product_installation_location # -keyring keyring_file -password password # -acceptLicense
#Example: /opt/IBM/InstallationManager/eclipse/tools/imcl install com.ibm.websphere.ND.v85_8.5.5005.20150220_0158,core.feature,com.ibm.sdk.6_64bit -installationDirectory /var/apps/was8.5.5 -repositories /var/apps/installs/WAS_ND_8.5.5.5_Fixpack -acceptLicense UPDATE_CMD=”${IM_TOOLS_DIR}/imcl install” UPDATE_OPTIONS=”-acceptLicense”
#ROLLBACK FIXPACK VARIABLES #./imcl rollback offering_ID_offering_version # -repositories source_repository # -installationDirectory installation_directory # -preferences preference_key=value # -properties property_key=value # -keyring keyring_file -password password # -acceptLicense ROLLBACK_CMD=”${IM_TOOLS_DIR}/imcl rollback” ROLLBACK_OPTIONS=”-acceptLicense”
#INSTALL INTERIM FIX VARIABLES #./imcl install interim_fix_name # -installationDirectory product_installation_location # -repositories repository_URL # -keyring keyring_file INTERIM_FIX_CMD=”${IM_TOOLS_DIR}/imcl install”
#UNINSTALL INTERIM FIX VARIABLES #./imcl uninstall <interim_fix_name> # -installationDirectory <product_installation_location> UNINSTALL_INTERIM_FIX_CMD=”${IM_TOOLS_DIR}/imcl uninstall” |
Note: We do not cover the variables used in the file as they are covered in other guides, but please note the fact that the variables DMGR_ADMIN_USERNAME and DMGR_ADMIN_PASSWORD are null.
Before we create this example profile, we presume you have already completed the installation sequence and you have existing WAS binaries.
To create the profile using was8manage.sh issue the following command from the scripts home directory.
| ./was8manage.sh -p create appserver_unsecure |
Result:
| MAIN ENTRY POINT ARGS=-p create appserver_unsecure validating arguments & initialising environment… $opt=p$, $OPTIND=3, $OPTARG=create $ENV=appserver_unsecure initialising environment… AUDIT_LOG_DIR=/var/log/was TYPE=appserver SIMULATE=false UNIQUE_CELL_NAME=DV_AppServer01 ENV=WASDEV_855_DV HOST=localhostcell01 PROFILE_NAME=DV_AppServer01Prof NODE_NAME=DV_AppServer01 START_PORT= WAS_BINARY_DIR=/opt/IBM/WebSphere/AppServer INSTALL_SHARED_DIR=/var/IM/im-shared IM_TOOLS_DIR=/opt/IBM/InstallationManager/eclipse/tools INSTALL_REPOSITORY_DIR=/var/apps/installs/WAS_DEV_8.5.5.0 INSTALL_LOG=/root/wadev8.5.5_install_log.xml INSTALL_FEATURES=com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044,core.feature,com.ibm.sdk.6_64bit UNINSTALL_FEATURES=com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044 IM_INSTALLER_SRC_DIR=/var/apps/installs/IM1.8.1 IM_DIR=/var/ibm/InstallationManager IM_AGENT_DATA_DIR=/opt/IBM/InstallationManager/eclipse IM_INSTALLER_SRC_CMD=/var/apps/installs/IM1.8.1/installc IM_INSTALLER_SRC_LOG=/root/im_install_log.xml IM_INSTALLER_SRC_PARAM=-log /root/im_install_log.xml -acceptLicense IM_REMOVE_DIR=/var/ibm/InstallationManager IM_REMOVE_CMD=/var/ibm/InstallationManager/uninstall/uninstallc INSTALL_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install INSTALL_OPTIONS=-acceptLicense -showProgress INSTALL_PREFERENCES=-preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false UNINSTALL_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl uninstall UNINSTALL_LOG=/opt/IBM/WebSphere/AppServer/logs/manageprofiles/deleteAll.log UPDATE_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install UPDATE_OPTIONS=-acceptLicense UPDATE_REPOSITORY_DIR= UPDATE_FEATURES= ROLLBACK_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install ROLLBACK_OPTIONS=-acceptLicense INTERIM_FIX_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install UNINSTALL_INTERIM_FIX_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl uninstall [14/04/15 11:43:19] INFO creating a stand-alone application server profile [14/04/15 11:43:19] INFO About to run /opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh from /var/apps/scripts/was8manage [14/04/15 11:43:19] WARNING *** Using calculated ports for Application Server, No Admin Security! *** [14/04/15 11:43:19] INFO Executing CMD:/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName DV_AppServer01Prof -profilePath /opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default -cellName DV_AppServer01 -hostName localhostcell01 -nodeName DV_AppServer01 -isDefault INSTCONFSUCCESS: Success: Profile DV_AppServer01Prof now exists. Please consult /opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof/logs/AboutThisProfile.txt for more information about this profile. [14/04/15 11:44:31] INFO WebSphere Installation Success [14/04/15 11:44:31] INFO The profile [DV_AppServer01Prof] was successfully installed Application server environment to create: Application server Location: /opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof Disk space required: 200 MB Profile name: DV_AppServer01Prof Make this profile the default: True Node name: DV_AppServer01 Host name: localhostcell01 Enable administrative security (recommended): False Administrative console port: 9060 Administrative console secure port: 9043 HTTP transport port: 9080 HTTPS transport port: 9443 Bootstrap port: 2809 SOAP connector port: 8880 Run application server as a service: False Create a Web server definition: False Performance tuning setting: Standard *** Listing profiles *** [DV_AppServer01Prof] ************************ |
The actual manageprofiles.sh command that was executed is as follows:
| /opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default -cellName DV_AppServer01 -hostName localhostcell01 -nodeName DV_AppServer01 -isDefault |
We now have an Application Server profile that is not secured.
When we start the server using <was_profile_root>/bin/startServer.sh server1 we can then log in to the console. We used default ports so unless there is another profile on your system then the console URL will the same as depicted below.
 |
We can log in using any ID we want. I have logged in as admin. All this will do is log that the user admin logged in, but we do not know who this is.
When we navigate to Users and Group/Manage Users we see the following message
 |
| You must enable administrative security to manage users and groups using the federated repositories feature. |
This is because there is no user/group registry configured. Global Administrative Security is not enabled.
INTRODUCTION
JEE SECURITY
GLOBAL SECURITY
UNSECURE CONSOLE
TURNING ON GLOBAL SECURITY
Security Configuration Wizard
Virtual Member Manager
ROLE MANAGEMENT
Administrative roles
DISABLING GLOBAL SECURITY
SETTING THE INTERNAL REPOSITORY USING SCRIPTING
APACHEDS
Installing ApacheDS
Adding a new partition
ADDING LDAP TO A FEDERATED REPOSITORY
FEDERATED REPOSITORIES RECAP
Security settings
Wimconfig.xml
CHANGING THE OU FOR LDAP BIND
Looking at User Groups
STANDALONE LDAP
CONFIGURING THE STANDALONE LDAP SERVER
TESTING THE CONNECTION
REVIEW OF SECURITY.XML
SUMMARY
To learn more about the courses available from The Middleware Shop, please go to http://www.themiddlewareshop.com/products to see a full list of the current courses available.
Consulting
If you or your organization require support in architecture, performance tuning, automation or simply advice, then please contact me via my support site and request a conversation, where we can discuss your requirement.
About Steve
Steve is a seasoned passionate technology professional, strategist and leader.
An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.
Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.
Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.
Key Skills
• Leadership (Team, Project, Business, People).
• Architecture (Solutions, Information, Technical, Applications).
Simply, I help you deal with CANETI: Constant And Never Ending Technological Innovation
Specific IBM WebSphere skills:
WebSphere Application Server (WAS Base, WAS ND & Liberty Profile & Liberty Runtime)
- Automation
- Security, SSL
- Dev Ops
- Architecture
- Performance Tuning
Middleware Integration Skills:
- .NET programming, and Architecture
- Java Programming, and Architecture
- SOA, SOAP and XML messaging
- JBoss Fuse, WMQ, IIB, Mule
Integration Skills:
- SOA
- Process Improvement
- ICD’s
- Messaging Architecture
- Governance
General Digital Architecture & Governance
- Lightweight Architectures
- Digital Strategy, platform stacks for example IAAS, PAAS, SAAS
- PCI DSS
Industry Qualifications & Recognition
- TOGAF 9.1
- IBM Champion 2013
WebSphere Application Server 8.5.5.x – Advanced Security Course
The WebSphere Application Server 8.5.5.x – Advanced Security Concepts course provides the student with a detailed example-based guide which takes the student through how to configure Global Security for a Standalone Repository for the express purpose of connecting WAS to Microsoft AD, and enabling Full Single Sign on. This course covers how to set up Windows 2012 Server as a Primary Domain Controller and enabled a Windows 8.1 workstation as part of the full-enabling and testing of a fully functioning SSO solution. Included in this course are Jython and shell scripts and even a Java Web Application that is used to prove that SSO is indeed working as intended
WebSphere Message Broker 8 Administration
Here the student learns through examples, one step at a time, the power of WebSphere Message Broker 8.0 an advanced ESB product from IBM.
WAS 8.5.5.x Essential Security Course
Only $149.99 Learn how to configure SSL for both WAS and IBM HTTP Server. Learn SSL insights not previously made available. Implement LDAP configurations using open source products. Automate Global Security configuration using Jython
WAS 8.5.5 Application Client Cookbook
This course was produced because I had many members of the public asking for support on how to connect an Application Client (Java client) to a secure WebSphere Application Server.
2015 ALL Courses – Bargain Bucket
This page provides the facility to purchase an elite membership, which grants you full access to all products published before and during 2015. You get perpetual access and access to the current courses.
WebSphere 8.5.5 Automation Course
WAS 8.5.5 Automation Course Do you need to save time automating manual WAS tasks? Have you ever wondered how to automate IBM Installation Manager? Ever needed to automate the installation of WAS 8.5.5.x and automate Upgrades and Roll-backs? The WebSphere Application Server 8.5.5.x Automation Course provides the student with a full set of guides and a set of commercial-grade automation scripts with detailed worked-examples.All 2014 Courses – Bargain Box
This page provides the facility to purchase an elite membership, which grants you full access to all products published before 2015. You get perpetual access and access to the current courses. As of 2014, there are 9 courses.
WebSphere Application Server 8.5 Administration course
WAS 8.5 Administration Course This course provides the student with the necessary skills to handle all sorts of administrative tasks on WebSphere Application Server Network Deployment version 8.5. The course material is practical and “hands-on” and covers a wide range of topics derived from industry experience. We have designed this course to include all the necessary instructions to install the product, try out various administrative tasks and can be used easily to refresh your knowledge after the course has been attended. The course also contains over 900 pages of “How To” guides and more than 300 Power Point slides along with Labs, resources and questions and answers.
WebSphere Portal 8 Administration Basics Course
IBM Portal 8 Administration Course