If you change your security configuration, you might need
to replace your old IBM® WebSphere® Portal administrator
user ID with a new WebSphere Portal administrator
user ID.
- Prerequisites
- Applying fix packs to your portal
About this task
Complete the following steps to replace the WebSphere Portal administrator user
ID:Important cluster note: If you are
using IBM Web Content
Manager within
your clustered environment, you must complete these steps on every
node in the cluster. If Web Content Manager is
not configured, complete these steps only on the primary node.
Procedure
- Create a user in the Manage
Users and Groups portlet to replace the current WebSphere Portal administrative user.
- Run the following task to replace the old WebSphere Portal administrative user
with the new user:
- AIX® HP-UX Linux Solaris: ./ConfigEngine.sh wp-change-portal-admin-user
-DWasPassword=password -DnewAdminId=newadminid -DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroupid from
the wp_profile_root/ConfigEngine directory.
The -DnewAdminGroupId parameter is required
only if you plan to replace the old administrative group ID.
- IBM i: ConfigEngine.sh wp-change-portal-admin-user
-DWasPassword=password -DnewAdminId=newadminid -DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroupid from
the wp_profile_root/ConfigEngine directory.
The -DnewAdminGroupId parameter is required
only if you plan to replace the old administrative group ID.
- Windows: ConfigEngine.bat wp-change-portal-admin-user
-DWasPassword=password -DnewAdminId=newadminid -DnewAdminPw=newpassword -DnewAdminGroupId=newadmingroupid from
the wp_profile_root\ConfigEngine directory.
The -DnewAdminGroupId parameter is required
only if you plan to replace the old administrative group ID.
Additional parameter for stopped servers: This task verifies the user against a running server
instance. If the server is stopped, add the -Dskip.ldap.validation=true parameter
to the task to skip the validation.
- Verify that the task completed
successfully. Stop and restart all required servers.
- Complete the following steps to change the information
stored in the SearchAdminUser alias:
- Log in to the WebSphere Integrated Solutions Console.
- Click .
- Under Authentication, click .
- Edit the SearchAdminUser alias.
- Update the user ID and/or password to match your WebSphere Portal administrator information.
- Clustered environments: Synchronize the nodes.
- Log on to the Deployment Manager.
- Go to .
- Select the nodes to synchronize from the list.
- Click Full Resynchronize.
- Optional:
Note: This step is required only if you have WebSphere Portal Version 8.5 with CF03
through CF07. CF02 and earlier cumulative fixes do not have the StartupCheck
application yet. CF08 and later cumulative fixes do not require this
manual step any more.
Update the user ID and password
for the RunAs role mapping for the StartupCheck application. To do so, proceed as follows:- Log in to the WebSphere Integrated Solutions Console.
- Select .
- Update the user ID and password for the RunAs role mapping
for the StartupCheck application.
What to do next
Notes:
- If you use an external security manager such as Security Access
Manager, you must manually
remove the old administrator user ID from the external security manager.
- If you set the default portal administrator user ID to be used
as the crawler user ID for Portal Search, you need to adapt that crawler
user ID accordingly. For more information, read Managing
the content sources of a search collection.
- If you have WebSphere Portal Version
8.5 with CF08 or an earlier version and you have the Script Portlet
V 1.3 PAA from the catalog installed, make sure that the security
constraints of the Script Portlet reflect the new portal administrator
group. If they do not match, update them manually to match the new
portal administration group. For information about how to do so, read
the section about the Security overview for Script Portlet V
1.3 in the Script Portlet V 1.3 documentation.