Configuring WebSphere Security
Configure security on WebSphere instances after launching.
The MidVision AMIs are started initially without security configured. You will want to choose which WebSphere security realm to use for your needs. You can configure WebSphere security in the normal way after launching an instance. Below are some notes on configuring global security with particular reference to AWS Linux instances.
Local Operating System Security Realm
- Launch the instance as normal (a T2.Large is recommended).
- Log into the instance via ssh; you are placed in the Wizard
- Start WebSphere Server via the login Wizard
- Open all WebSphere ports with the 'Process' option
- Exit the Wizard, note the URL (No security)
- Run 'sudo su -' and then run the 'passwd' command to set the root password to your desired password, shown as [root-password]
- Use the noted URL to connect to the WAS console without security
- Navigate to 'Security' -> 'Global Security'
- Click 'Enable administrative security'
- Click the 'Configure' button next to the 'Local Operating System' realm.
- Configure the Local Operating System realm with 'root' as the 'Primary administrative user name', click 'Apply', then go back to the 'Global Security' page
- Click 'Set As Current', tick 'Enable administrative security' again, and save the configuration.
- Log out of the console and stop WebSphere via the provided script: /home/midvision/stopwas.sh
- Edit /opt/IBM/WebSphere/AppServer/profiles/AppSrv/properties/soap.client.props:
    sudo vi soap.client.props
  and set:
    com.ibm.SOAP.securityEnabled=true
    com.ibm.SOAP.loginUserid=root
    com.ibm.SOAP.loginPassword=[root-password]
- Restart WebSphere using: /home/midvision/startwas.sh
- You can access the instance using the https URL on port 9044 with root/[root-password] credentials
- If you wish to use other operating system users to access WebSphere, you'll need to make sure all users in /etc/passwd (e.g. midvision, ec2-user, wasadmin) also have OS passwords set on the command line. If you try to access the console using one of these users without setting the initial OS password for the user on the command line, the WebSphere server may crash.
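
The soap.client.props edit from the steps above can also be scripted. The following is an added example, not MidVision or IBM code: the function names are hypothetical, the password is read from standard input so it does not appear in the process list or shell history, and removing world access from the file is this example's own choice.

```shell
#!/bin/sh
# Added example: set the SOAP client security properties without an editor.

# set_soap_prop FILE KEY VALUE
# Replace KEY's line in a properties file, or append it if absent.
# VALUE reaches awk through the environment, so characters such as
# '&' or '/' (special to sed) are written as typed.
set_soap_prop() {
    file=$1 key=$2
    tmp=$(mktemp) || return 1
    PROP_KEY=$key PROP_VALUE=$3 awk '
        BEGIN { k = ENVIRON["PROP_KEY"]; v = ENVIRON["PROP_VALUE"]; done = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # literal prefix match, so dots in the key are not wildcards
            if (index(line, k "=") == 1) {
                if (!done) { print k "=" v; done = 1 }
                next                      # drop duplicate definitions
            }
            print
        }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner, then remove
    # world access because it now holds a clear-text password.
    cat "$tmp" > "$file" && rm -f "$tmp" && chmod o-rwx "$file"
}

# enable_soap_security FILE USER   (password is read from stdin)
enable_soap_security() {
    file=$1 user=$2
    IFS= read -r pw || [ -n "$pw" ] || return 1
    set_soap_prop "$file" com.ibm.SOAP.securityEnabled true &&
    set_soap_prop "$file" com.ibm.SOAP.loginUserid "$user" &&
    set_soap_prop "$file" com.ibm.SOAP.loginPassword "$pw"
}

# Usage, run as root with WebSphere stopped:
#   enable_soap_security \
#     /opt/IBM/WebSphere/AppServer/profiles/AppSrv/properties/soap.client.props root
# then type the password and press Enter.
```

WebSphere also ships a PropFilePasswordEncoder.sh utility in the profile's bin directory that can encode the com.ibm.SOAP.loginPassword value in this file; the encoding is obfuscation rather than encryption, so file permissions still matter.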