Troubleshooting
Problem
In some situations, after a user logs out and leaves the browser window open in, clicking on the "Login to Maximo" button allows login to Maximo without requesting authentication credentials.
Symptom
When the following conditions exist
* Maximo is secured with LDAP authentication
* The BASIC authentication method is enabled
If, after a user logs out and
* the browser window remains open
* before the LTPA token expires
when anyone clicks the "Login to Maximo" button, the previously logged out user will be logged in again without a new request for authentication credentials.
Cause
BASIC Authentication is enabled
Resolving The Problem
Change authentication method from BASIC to FORM authentication.
1. Stop the Maximo Server.
2. Back up the master copy of the web.xml file located in the administration workstation SMP location.
Default location
Windows: C:\ibm\SMP\maximo\applications\maximo\maximouiweb\webmodule\WEB-INF\
Unix: /opt/ibm/smp/maximo/applications/maximo/maximouiweb/webmodule/WEB-INF/
3. Open the web.xml file with a text editor. Comment out the following configuration that specifies the BASIC authentication method:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MAXIMO Web Application Realm</realm-name>
</login-config>
4. Uncomment the following configuration that defines the FORM base authentication:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MAXIMO Web Application Realm</realm-name>
<form-login-config>
<form-login-page>/webclient/login/login.jsp?appservauth=true</form-login
-page>
<form-error-page>/webclient/login/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
5. Save the web.xml file.
6. Rebuild and redeploy the Maximo EAR file.
7. Restart the Maximo server.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21664236