Logging in to the administrative console
Enter your user ID and password to access the console.
To access the console, enter your User ID and Password and then click Log in. The password is required only if security is enabled. In environments that use the administrative agent to administer multiple application server nodes, select whether to log in to the administrative agent or one of its registered profiles.
After you are logged in, be sure to use the Logout link in the console toolbar when you are finished using the console and to prevent unauthorized access. If there is no activity during this login session for an extended period of time, the session expires and you must log in again to access the console. The administrator can change the session timeout. The default is set to 30 minutes.
If the user ID that you provide is already logged in at a different location, you are prompted to choose between logging out from the other location or returning to the login page. If you log out the user from the other location, you might be prompted to recover unsaved changes made by that user.
- Ensure that each server uses a unique value for its admin console port.
- Run a separate web browser process for each admin console that you want to access concurrently.
Certificate login
You can log in to the administrative console with a certificate by configuring
CLIENT-CERT
as the auth-method
and setting the
adminconsole.certLogin
system property to true
. The
adminconsole.certLogin
system property disables the use of form login so you are
not prompted for login credentials when CLIENT-CERT
is configured.
Complete the following steps on the server that is hosting the administrative console application. On WebSphere® Application Server Network Deployment, the administrative console for a cell is hosted on the deployment manager (Dmgr) profile.
- Configure your browser with a certificate to be used for login. These steps vary based on the web browser software and the type of keystore that is being used.
- Configure WebSphere to trust one or more certificates that are used for certificate login. For more information on adding one or more signer certificates to the WebSphere truststore, see Adding a signer certificate to a keystore
- Add the
adminconsole.certLogin
system property and set it totrue
.- In the administrative console, click .
- On the Custom properties page, click New.
- Set Name to
adminconsole.certLogin
. The value is case sensitive. - Set Value to
true
. - Click Apply and then Save to save the changes.
- Specify to request SSL client authentication.
- In the administrative console, click .
- From the Client authentication list, select Supported or Required.
- Click Apply and then Save to save the changes.
- Change the
auth-method
element in the web.xml file in the profile WEB-INF directory.- Find the web.xml file in the \WAS_HOME\profiles\profileName\config\cells\cellName\applications\isclite.ear\deployments\isclite\isclite.war\WEB-INF directory of your installation.
- Save a backup copy of the web.xml file.
- Open the web.xml file in a text editor.
- Change the
auth-method
fromFORM
toCLIENT-CERT
, for example, change:
to<auth-method>FORM</auth-method>
<auth-method>CLIENT-CERT</auth-method>
- Save the changes.
- Change the
auth-method
element in the web.xml file in the \WAS_HOME\systemApps\isclite.ear\isclite.war\WEB-INF directory.Tip: If your environment has multiple profiles and you want certificate login enabled for all profiles, complete step 5 to change the web.xml in the systemApps path. This ensures that the web.xml changes persist on all profiles if the iscdeploy -restore command is run. If you do not want to enable certificate login on all profiles, you can skip step 5. Only step 4 is needed to enable certificate login on specific profiles.- Save a backup copy of the web.xml file.
- Open the web.xml file in a text editor.
- Change the
auth-method
fromFORM
toCLIENT-CERT
, for example, change:
to<auth-method>FORM</auth-method>
<auth-method>CLIENT-CERT</auth-method>
- Save the changes.
- Stop and restart the server that is hosting the administrative console (application server or deployment manager).
- Log on to the administrative console by using your certificate.Tip: Use the console URL that ends with
/ibm/console
. The URL that ends with/ibm/console/logon.jsp
does not work.