IBM Support

How To Manually Disable Global (Administrative) Security for IBM WebSphere Application Server (WAS)

Troubleshooting


Problem

This document explains how to manually disable Global (Administrative) Security for IBM WebSphere Application Server (WAS). This may be required if the application server instance does not start properly because of a Global Security misconfiguration or issue.

Symptom

Unable to start WebSphere application server instance due to Global Security errors in the SystemOut.log or SystemErr.log files.

Cause

Damaged or invalid Global Security configuration

Environment

IBM WebSphere Application Server (WAS); IBM i OS

Diagnosing The Problem

Review the SystemOut.log and SystemErr.log files for security errors.

Resolving The Problem

To manually disable Global Security for your IBM WebSphere Application Server instance, perform the following steps.

1) Sign into a 5250 emulation session with a user profile having *ALLOBJ special authority.
2) Execute the CL command to start a Qshell session.
   STRQSH
3) Change to the profile_root/<profileName>/bin directory of the WAS profile for which you need to disable Global Security.
   cd /QIBM/UserData/WebSphere/AppServer/<version>/<edition>/profiles/<profileName>/bin
   where:
   <version> = V61, V7, V8, V85, or V9
   <edition> = Express, Base, ND
   <profileName> = The name of your WAS Profile.
4) Execute the wsadmin command to enter the wsadmin command/scripting interface.
   ./wsadmin -conntype NONE -lang jython
5) Execute the securityoff command to disable Global Security for your WAS Profile.
   securityoff()

   You should receive a similar output message:
   LOCAL OS security is off now but you need to restart the connected server to make it affected.
6) Save your configuration changes.
   AdminConfig.save()

   You should receive similar output text:
   u''
7) Exit the wsadmin command/scripting environment.
   quit
8) Stop your application server instance.
   ./stopServer <server>
   where <server> is the name of your application server. This parameter is optional if your WAS Profile Name and Application Server Name are the same value.

   NOTE: You will be asked to provide the WAS administrator userID and password to stop the application server. If you do not know this information or can't get the application server instance to stop, you can end the job immediately using the ENDJOB JOB(number/user/name) OPTION(*IMMED) CL command.
9) Start your application server instance.
   ./startServer <server>
   where <server> is the name of your application server. This parameter is optional if your WAS Profile Name and Application Server Name are the same value.
10) Congratulations! You have successfully manually disabled Global Security for your IBM WebSphere Application Server instance. You should now be able to access the WAS Integrated Solutions Console (ISC) without having to specify a password.

Example:

STRQSH
> cd /qibm/userdata/websphere/appserver/v9/nd/profiles/WASProfile/bin
  $
> ./wsadmin -conntype NONE -lang jython
  WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
  WASX7031I: For help, enter: "print Help.help()"
  wsadmin>
> securityoff()
  LOCAL OS security is off now but you need to restart the connected server to make it affected.
  wsadmin>
> AdminConfig.save()
  u''
  wsadmin>
> quit
  $


Alternative method to manually disable Global Security for your WebSphere Application Server instance

By manually editing the security.xml file, the general access security for WebSphere application servers can be removed.

!!!CAUTION!!! - IBM does not advise that clients manually edit their security.xml file without direct supervision/instruction from IBM Support. Syntax errors in this file may corrupt the WebSphere Application Server instance and prevent it from starting properly. Ensure the security.xml file is backed up or copied before performing any manual edits!!!

The full default path to the security.xml file is:

/qibm/userdata/websphere/appserver/{version}/{product}/profiles/default/config/cells/{cell_name}/security.xml

where {version} and {product} and {cell_name} reflect the particular instance in use and need to be replaced with the appropriate settings, as in this example:

/qibm/userdata/websphere/appserver/v9/base/profiles/default/config/cells/as400_default/security.xml

Ensure you have backed up or copied the security.xml file before any manual edits are made to this file in case the file needs to be recovered!!!

The entry that needs to be adjusted in the file is on the second line and is far to the right of the initial display screen on an 80-character page.

If Global Security is enabled, this line will show enabled="true" and needs to be edited to enabled="false" (no spaces around the = sign). This file can be edited using WRKLNK and EDTF. By changing only this value, you can manually enable security (true) or disable security (false):

<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI"
xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol…; xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="true" cacheTimeout="600" issuePermissionWarning="true" activeProtocol="BOTH" enforceJava2Security="false" enforceFineGrainedJCASecurity="false" activeAuthMechanism="SWAMAuthentication_1" activeUserRegistry="LocalOSUserRegistry" defaultSSLSettings="SSLConfig_1">
<authMechanisms xmi:type="security:SWAMAuthentication" xmi:id="SWAMAuthentication_1" OID="No OID for this mechanism" authContextImplClass="com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContext" authConfig="system.SWAM" simpleAuthConfig="system.SWAM" authValidationConfig="system.SWAM"/>

The WebSphere environment will have to be restarted for this to take effect.
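A check for the manual edit described above, as an added example that is not IBM's code: it backs up security.xml, confirms the edited file is still well-formed, reads only the root element's enabled attribute (so an enabled attribute on a nested element is not mistaken for the Global Security switch), and confirms nothing else changed. It is written for standard Python 3, not the wsadmin Jython shell; the sample file content, the function names and the ".bak" suffix are assumptions made for illustration.

```python
import os
import shutil
import xml.etree.ElementTree as ET

# Constructed, heavily shortened sample; a real security.xml carries far more.
SAMPLE = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" '
    'xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" '
    'xmi:id="Security_1" enabled="true" cacheTimeout="600">\n'
    '  <trustAssociation xmi:id="TrustAssociation_1" enabled="false"/>\n'
    '</security:Security>\n'
)

def load_security_root(path):
    """Parse security.xml. ET.ParseError means the file is no longer well-formed."""
    root = ET.parse(path).getroot()
    if root.tag.rsplit("}", 1)[-1] != "Security":
        raise ValueError("root element is not security:Security")
    if root.get("enabled") not in ("true", "false"):
        raise ValueError('root "enabled" must be exactly "true" or "false"')
    return root

def global_security_enabled(path):
    """State of Global Security: the root element's enabled attribute only."""
    return load_security_root(path).get("enabled") == "true"

def backup(path):
    """Copy the file aside before editing (".bak" suffix is an assumption)."""
    return shutil.copy2(path, path + ".bak")

def only_enabled_changed(backup_path, edited_path):
    """True if the edit touched nothing but the root enabled value."""
    before = load_security_root(backup_path)
    after = load_security_root(edited_path)
    before.attrib.pop("enabled")
    after.attrib.pop("enabled")
    return ET.tostring(before) == ET.tostring(after)

def demo(workdir):
    """Write SAMPLE, back it up, simulate the manual edit, then run the checks."""
    path = os.path.join(workdir, "security.xml")
    with open(path, "w", encoding="utf-8") as f:
        f.write(SAMPLE)
    bak = backup(path)
    edited = SAMPLE.replace('"Security_1" enabled="true"', '"Security_1" enabled="false"')
    with open(path, "w", encoding="utf-8") as f:
        f.write(edited)
    return (global_security_enabled(bak), global_security_enabled(path),
            only_enabled_changed(bak, path))
```

Running global_security_enabled() across the security.xml of every profile also shows which instances still have Global Security switched off after troubleshooting is finished.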


Historical Number

535973625

Document Information

Modified date:
18 December 2019

UID

nas8N1012744