Configuring WebSphere Security

Configure security on WebSphere instances after launching.

The MidVision AMIs are initially started with a base level of security configured, which allows you to access the WebSphere Admin Console with Username: wasadmin / Password: [instance-id]. You will want to choose which WebSphere security realm to use for your needs. You can configure WebSphere security in the normal way after launching an instance. Below are some notes on configuring global security with particular reference to AWS Linux instances.

Local Operating System Security Realm

The following steps may be used to configure Local OS Security in WebSphere. AWS instances are initially configured with no passwords set for any of the configured operating system users. These users will need to have passwords set to avoid problems with WebSphere and the Local OS Security realm:
  1. Launch the instance as normal (a T2.Large is recommended).
  2. Log into the instance via ssh and you are placed in the Wizard
  3. Start WebSphere Server via the login Wizard
  4. Open all WebSphere ports with the ‘Process’ option
  5. Exit the Wizard, note the URL (No security)
  6. Run ‘sudo su -’ and then run the ‘passwd’ command to set the root password to your desired password, referred to as [root-password] below
  7. Use the noted URL to connect to the WAS console without security
  8. Navigate to ‘Security’ -> ‘Global Security’
  9. Click ‘Enable administrative security’
  10. Click the ‘Configure’ button next to the ‘Local Operating System’ realm.
  11. Configure the Local Operating System realm with ‘root’ as the ‘Primary administrative user name’, click ‘Apply’, then go back to the ‘Global Security’ page
  12. Click the ‘Set As Current’ box, tick ‘Enable administrative security’ again, and save the configuration.
  13. Log out of the console and stop WebSphere via the provided script: /home/midvision/stopwas.sh
  14. Edit /opt/IBM/WebSphere/AppServer/profiles/AppSrv/properties/soap.client.props with vi (sudo vi soap.client.props) and set:
    com.ibm.SOAP.securityEnabled=true
    com.ibm.SOAP.loginUserid=root
    com.ibm.SOAP.loginPassword=[root-password]
  15. Restart WebSphere using: /home/midvision/startwas.sh
  16. You can access the instance using the https URL on port 9044 with root/[root-password] credentials
  17. If you wish to use other operating system users to access WebSphere, you’ll need to make sure all users in /etc/passwd (e.g. midvision, ec2-user, wasadmin) also have OS passwords set on the command line. If you try to access the console using one of these users without setting the initial OS password for the user on the command line, the WebSphere server may crash.
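
The script below is an added example, not part of the original MidVision instructions. It checks the points the procedure depends on: which OS accounts still have no usable password (steps 6 and 17), and whether soap.client.props carries the settings from step 14 without leaving the administrative password in plaintext or readable by other users. The function names and the sample files are constructed for illustration, and it assumes a value beginning with {xor} is WebSphere's encoded form; on a real instance, run it as root against /etc/shadow and the soap.client.props path from step 14.

```sh
#!/bin/sh
# Added example: checks for steps 6, 14 and 17 of the Local OS realm procedure.

# Print each named account whose shadow password field is empty or
# locked (begins with '!' or '*'), i.e. no usable OS password is set.
users_without_password() {
    shadow_file=$1; shift
    for u in "$@"; do
        awk -F: -v u="$u" '$1 == u && ($2 == "" || $2 ~ /^[!*]/) { print u }' "$shadow_file"
    done
}

# Print the value of one key from a properties file (last assignment wins).
prop_value() {
    awk -F= -v k="$2" '{ key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); v = $0 } END { print v }' "$1"
}

# Print findings for soap.client.props; exit status is the number of findings.
check_soap_props() {
    f=$1; n=0
    [ "$(prop_value "$f" com.ibm.SOAP.securityEnabled)" = true ] ||
        { echo "securityEnabled is not true"; n=$((n + 1)); }
    [ -n "$(prop_value "$f" com.ibm.SOAP.loginUserid)" ] ||
        { echo "loginUserid is empty"; n=$((n + 1)); }
    case "$(prop_value "$f" com.ibm.SOAP.loginPassword)" in
        "")       echo "loginPassword is empty"; n=$((n + 1)) ;;
        "{xor}"*) ;;  # assumed encoded form written by WebSphere (obfuscation only)
        *)        echo "loginPassword is plaintext"; n=$((n + 1)) ;;
    esac
    # Permission bits for group and other (ls -l columns 5-10) must all be '-'.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "file is accessible beyond its owner"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample data (not from a real host): root has a password hash,
# the other accounts are still in their unset state.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root:$6$constructed$hash:19000:0:99999:7:::' \
    'wasadmin:!!:19000:0:99999:7:::' 'ec2-user:!!:19000:0:99999:7:::' \
    'midvision:*:19000:0:99999:7:::' > "$demo/shadow"
printf '%s\n' 'com.ibm.SOAP.securityEnabled=true' 'com.ibm.SOAP.loginUserid=root' \
    'com.ibm.SOAP.loginPassword=constructed-password' > "$demo/soap.client.props"
chmod 644 "$demo/soap.client.props"

users_without_password "$demo/shadow" root wasadmin ec2-user midvision
check_soap_props "$demo/soap.client.props" || echo "findings: $?"
```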