Configure WAS to Stop asking for Password during Shutdown

Netsparker Web Application Security Scanner - the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Are you annoyed with a credential prompt whenever you shut down the DMGR, Nodeagent, or JVM?

Well, not anymore, because you are going to learn how to configure IBM WebSphere Application Server to stop prompting for credentials every time.

was-prompt-password

In default WebSphere installation when security is enabled, you will get a credential prompt as shown below at every shutdown.

The following procedure will help you to configure WAS in such a way that you don’t get a credential prompt anymore during a shutdown.

Note: this must be done at profile levels like DMGR or node agent and assume you are using default connection type (SOAP). So ready?

Login into WAS server
Go to $PROFILE_HOMEproperties
Take a backup of soap.client.props. Or you may also take complete WebSphere configuration backup using backupconfig.sh as explained here.
Modify the soap.client.props file using vi and ensure the following three changes.

First– change false to true for SOAP security

com.ibm.SOAP.securityEnabled=true

Second & third – enter user & password, which as administrator role rights.

com.ibm.SOAP.loginUserid=chandan #change this with your environment admin
com.ibm.SOAP.loginPassword=chandan # changed this

So here is how file should look like

Test it by restarting respective Node, DMGR, or JVM.

Here is a useful tip

if you notice in the above file you can see user and password as plain text, which you don’t want to in a production environment. It’s recommended to encrypt the password and here is how you can do it.

Go to $PROFILE_HOMEbin folder
Execute the following command to encrypt the password

./PropFilePasswordEncoder.sh $PROFILE_HOME/properties/soap.client.props com.ibm.SOAP.loginPassword

Example:-

[[email protected] bin]# ./PropFilePasswordEncoder.sh /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/properties/soap.client.props com.ibm.SOAP.loginPassword
[[email protected] bin]#

Let’s take a look at the password field now.

com.ibm.SOAP.loginPassword={xor}PDc+MTs+MQ==

So you can see it’s encrypted which is much better, isn’t it?

BTW, do you know you can decrypt the XOR password?

Looking to learn WAS administration? Check out this Udemy course.

Power Your Business

Netsparker

Netsparker uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities with proof of exploit, thus making it possible to scan thousands of web applications and generate actionable results within just hours.

Try Netsparker

Kinsta

Probably the best managed WordPress cloud platform to host small to enterprise sites. Kinsta leverages Google's low latency network infrastructure to deliver content faster. Free SSL, CDN, backup and a lot more with outstanding support. You'll love it.

Try Kinsta

Sucuri

A global CDN and cloud-based web application firewall for your website to supercharge the performance and secure from online threats. SUCURI WAF protects from OWASP top 10 vulnerabilities, brute force, DDoS, malware, and more.

Try Sucuri

Configure WAS to Stop asking for Password during Shutdown

More Great Reading on Geekflare

What is Thread Dump and How to Analyze them?

IBM WebSphere Application Server Beginner’s Guide

How to Monitor IBM WebSphere using Application Manager?

How to Use Nginx with WebSphere Application Server?

How to Create Cluster in IBM WebSphere ND?

What’s New in WebSphere MQ 9 & Installation Guide

Power Your Business

Choosing the right product and service is essential to run an online business. Here are some of the tools and services to help your business grow.

Netsparker

Kinsta

Sucuri