Logging in to the administrative console

Enter your user ID and password to access the console.

To access the console, enter your User ID and Password and then click Log in. The password is required only if security is enabled. In environments that use the administrative agent to administer multiple application server nodes, select whether to log in to the administrative agent or one of its registered profiles.

After you are logged in, be sure to use the Logout link in the console toolbar when you are finished using the console, to prevent unauthorized access. If there is no activity during the login session for an extended period of time, the session expires and you must log in again to access the console. The administrator can change the session timeout. The default is set to 30 minutes.

If the user ID that you provide is already logged in at a different location, you are prompted to choose between logging out from the other location or returning to the login page. If you log out the user from the other location, you might be prompted to recover unsaved changes made by that user.

If you have one or more different stand-alone servers running on the same machine and want to administer them concurrently from the same or a different machine, you must:
  1. Ensure that each server uses a unique value for its admin console port.
  2. Run a separate web browser process for each admin console that you want to access concurrently.
[8.5.5.12 or later]

Certificate login

You can log in to the administrative console with a certificate by configuring CLIENT-CERT as the auth-method and setting the adminconsole.certLogin system property to true. The adminconsole.certLogin system property disables the use of form login so you are not prompted for login credentials when CLIENT-CERT is configured.

Complete the following steps on the server that is hosting the administrative console application. On WebSphere® Application Server Network Deployment, the administrative console for a cell is hosted on the deployment manager (Dmgr) profile.

  1. Configure your browser with a certificate to be used for login. These steps vary based on the web browser software and the type of keystore that is being used.
  2. Configure WebSphere to trust one or more certificates that are used for certificate login. For more information on adding one or more signer certificates to the WebSphere truststore, see Adding a signer certificate to a keystore.
  3. Add the adminconsole.certLogin system property and set it to true.
    1. In the administrative console, click System administration > Deployment manager > Java and Process Management > Process definition > Java Virtual Machine > Custom properties.
    2. On the Custom properties page, click New.
    3. Set Name to adminconsole.certLogin. The value is case sensitive.
    4. Set Value to true.
    5. Click Apply and then Save to save the changes.
  4. Configure the server to request SSL client authentication.
    1. In the administrative console, click Security > SSL certificate and key management > SSL configurations > CellDefaultSSLSettings > Quality of protection (QoP) settings.
    2. From the Client authentication list, select Supported or Required.
    3. Click Apply and then Save to save the changes.
  5. Change the auth-method element in the web.xml file in the profile WEB-INF directory.
    1. Find the web.xml file in the \WAS_HOME\profiles\profileName\config\cells\cellName\applications\isclite.ear\deployments\isclite\isclite.war\WEB-INF directory of your installation.
    2. Save a backup copy of the web.xml file.
    3. Open the web.xml file in a text editor.
    4. Change the auth-method from FORM to CLIENT-CERT, for example, change:
      <auth-method>FORM</auth-method>
      to
      <auth-method>CLIENT-CERT</auth-method>
    5. Save the changes.
  6. Change the auth-method element in the web.xml file in the \WAS_HOME\systemApps\isclite.ear\isclite.war\WEB-INF directory.
    Tip: If your environment has multiple profiles and you want certificate login enabled for all profiles, complete step 6 to change the web.xml file in the systemApps path. This ensures that the web.xml changes persist on all profiles if the iscdeploy -restore command is run. If you do not want to enable certificate login on all profiles, you can skip step 6. Only step 5 is needed to enable certificate login on specific profiles.
    1. Save a backup copy of the web.xml file.
    2. Open the web.xml file in a text editor.
    3. Change the auth-method from FORM to CLIENT-CERT, for example, change:
      <auth-method>FORM</auth-method>
      to
      <auth-method>CLIENT-CERT</auth-method>
    4. Save the changes.
  7. Stop and restart the server that is hosting the administrative console (application server or deployment manager).
  8. Log on to the administrative console by using your certificate.
    Tip: Use the console URL that ends with /ibm/console. The URL that ends with /ibm/console/logon.jsp does not work.
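
The web.xml edit in steps 5 and 6 can be scripted so that the backup copy is always taken and the result is checked before the restart. The following is an added example, not IBM-supplied code: the function names auth_method and enable_cert_login are hypothetical, and the sample descriptor is constructed for the demonstration.

```python
import re
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample descriptor; the real isclite web.xml has far more content.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <login-config>
    <auth-method>FORM</auth-method>
  </login-config>
</web-app>
"""
AUTH_RE = re.compile(rb"(<auth-method>\s*)FORM(\s*</auth-method>)")

def auth_method(web_xml):
    """Return the auth-method declared in web.xml, or None if absent."""
    for elem in ET.parse(web_xml).iter():
        # Compare local names so a namespaced descriptor matches too.
        if elem.tag.rsplit("}", 1)[-1] == "auth-method":
            return (elem.text or "").strip()
    return None

def enable_cert_login(web_xml):
    """Back up web.xml and switch FORM to CLIENT-CERT. True if changed."""
    path = Path(web_xml)
    if auth_method(path) == "CLIENT-CERT":
        return False  # already converted; leave file and any backup alone
    new, count = AUTH_RE.subn(rb"\g<1>CLIENT-CERT\g<2>", path.read_bytes())
    if count != 1:
        raise ValueError(f"{path}: expected one FORM auth-method, found {count}")
    shutil.copy2(path, path.with_name(path.name + ".bak"))  # backup first
    path.write_bytes(new)  # bytes in, bytes out: encoding and line endings kept
    if auth_method(path) != "CLIENT-CERT":
        raise RuntimeError(f"{path}: edit did not take effect; restore the .bak")
    return True

if __name__ == "__main__":
    # Stand-ins for the profile and systemApps copies of web.xml.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("profile", "systemApps"):
            target = Path(tmp, name, "web.xml")
            target.parent.mkdir()
            target.write_bytes(SAMPLE)
            print(name, enable_cert_login(target), auth_method(target))
```

Running auth_method against both the profile copy and the systemApps copy also shows whether the two descriptors have drifted apart.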