Logging in to the administrative console
Enter your user ID and password to access the console.
To access the console, enter your User ID and Password and then click Log in. The password is required only if security is enabled. In environments that use the administrative agent to administer multiple application server nodes, select whether to log in to the administrative agent or one of its registered profiles.
After you are logged in, be sure to use the Logout link in the console toolbar when you are finished using the console and to prevent unauthorized access. If there is no activity during this login session for an extended period of time, the session expires and you must log in again to access the console. The administrator can change the session timeout. The default is set to 30 minutes.
If the user ID that you provide is already logged in at a different location, you are prompted to choose between logging out from the other location or returning to the login page. If you log out the user from the other location, you might be prompted to recover unsaved changes made by that user.
- Ensure that each server uses a unique value for its admin console port.
- Run a separate web browser process for each admin console that you want to access concurrently.
Certificate login
You can log in to the administrative console with a certificate by configuring
CLIENT-CERT
as the auth-method
and setting the
adminconsole.certLogin
system property to true
. The
adminconsole.certLogin
system property disables the use of form login so you are
not prompted for login credentials when CLIENT-CERT
is configured.
Complete the following steps on the server that is hosting the administrative console application. On WebSphere® Application Server Network Deployment, the administrative console for a cell is hosted on the deployment manager (Dmgr) profile.
- Configure your browser with a certificate to be used for login. These steps vary based on the web browser software and the type of keystore that is being used.
- Configure WebSphere to trust one or more certificates that are used for certificate login. For more information on adding one or more signer certificates to the WebSphere truststore, see Adding a signer certificate to a keystore.
- Add the
adminconsole.certLogin
system property and set it totrue
.- In the administrative console, click .
- On the Custom properties page, click New.
- Set Name to
adminconsole.certLogin
. The value is case sensitive. - Set Value to
true
. - Click Apply and then Save to save the changes.
- Specify to request SSL client authentication.
- In the administrative console, click .
- From the Client authentication list, select Supported or Required.
- Click Apply and then Save to save the changes.
- Change the
auth-method
element in the web.xml file of some or all profiles.- To enable certificate login on specific profiles, change the
auth-method
element in the web.xml file in the profiles.- Find the web.xml file in the profile_root/profile_name/config/cells/cellName/applications/isclite.ear/deployments/isclite/isclite.war/WEB-INF directory of your installation.
- Save a backup copy of the web.xml file.
- Open the web.xml file in a text editor.
- Change the
auth-method
fromFORM
toCLIENT-CERT
; for example, change:
to<auth-method>FORM</auth-method>
<auth-method>CLIENT-CERT</auth-method>
- Save the changes.
- To enable certificate login on all profiles, change the
auth-method
element in the web.xml file in the systemApps path.- Find the web.xml file in the app_server_root/systemApps/isclite.ear/isclite.war/WEB-INF/com.ibm.isclite/WEB-INF directory of your installation.
- Save a backup copy of the web.xml file.
- Open the web.xml file in a text editor.
- Change the
auth-method
fromFORM
toCLIENT-CERT
; for example, change:
to<auth-method>FORM</auth-method>
<auth-method>CLIENT-CERT</auth-method>
- Save the changes.
- Open a command line on the
app_server_root/bin
directory and run the iscdeploy -restore command.
Warning: A fix pack update might overwrite changes made to web.xml files. Always save a backup of your web.xml file after making changes. - To enable certificate login on specific profiles, change the
- Stop and restart the server that is hosting the administrative console (application server or deployment manager).
- Log on to the administrative console by using your certificate.Tip: Use the console URL that ends with
/ibm/console
. The URL that ends with/ibm/console/logon.jsp
does not work.