Geek Flare

Learn Web Security, Cloud Computing, Middleware, Blogging

Configure WAS to Stop asking for Password during Shutdown

By Chandan Kumar in WebSphere July 31, 2016

Geek Flare Blog post is sponsored by Netsparker Web Application Security Scanner.

Are you annoyed with credential prompt whenever you shut down the DMGR, Nodeagent or JVM?

Well, not anymore, because you are going to learn how to configure IBM WebSphere Application Server to stop prompting for credential every time.

was-prompt-password

In default WebSphere installation when security is enabled, you will get a credential prompt as shown below at every shutdown.

The following procedure will help you to configure WAS in such a way that you don’t get a credential prompt anymore during a shutdown.

Note: this must be done at profile levels like DMGR or node agent and assume you are using default connection type (SOAP). So ready?

  • Login into WAS server
  • Go to $PROFILE_HOMEproperties
  • Take a backup of soap.client.props. Or you may also take complete WebSphere configuration backup using backupconfig.sh as explained here.
  • Modify the soap.client.props file using vi and ensure following three changes.

First– change false to true for SOAP security

com.ibm.SOAP.securityEnabled=true

Second & third – enter user & password, which as administrator role rights.

com.ibm.SOAP.loginUserid=chandan #change this with your environment admin
com.ibm.SOAP.loginPassword=chandan # changed this
  • So here is how file should look like

soap-client-props

  • Test it by restarting respective Node, DMGR or JVM.

Here is useful tip

if you notice in above file you can see user and password as plain text, which you don’t want to in a production environment. It’s recommended to encrypt the password and here is how you can do it.

  • Go to $PROFILE_HOMEbin folder
  • Execute the following command to encrypt the password
./PropFilePasswordEncoder.sh $PROFILE_HOME/properties/soap.client.props com.ibm.SOAP.loginPassword

Example:-

[[email protected] bin]# ./PropFilePasswordEncoder.sh /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/properties/soap.client.props com.ibm.SOAP.loginPassword
[[email protected] bin]#
  • Let’s take a look at password field now.
com.ibm.SOAP.loginPassword={xor}PDc+MTs+MQ==
  • So you can see it’s encrypted which is much better, isn’t it?

BTW, do you know you can decrypt the XOR password?

Share
Tweet
Pocket
Buffer
59 Shares

Chandan Kumar

Chandan Kumar is the founder of Geek Flare. He loves to share his knowledge to help others. Connect with him on Twitter and LinkedIn.
show more articles from Chandan Kumar

3 ways to be in touch.

Subscribe in Facebook Messenger

Enjoy reading so far? Don't miss out the latest article. Get them in your email, Facebook or Twitter. 

Reader Interactions

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Kinsta Managed WP Hosting

Founded by Chandan Kumar | © Geek Flare LLP · 2015-2018

Share
Tweet
Pocket
Buffer
59 Shares