Logging in to the administrative console

Enter your user ID and password to access the console.

To access the console, enter your User ID and Password and then click Log in. The password is required only if security is enabled. In environments that use the administrative agent to administer multiple application server nodes, select whether to log in to the administrative agent or one of its registered profiles.

After you are logged in, be sure to use the Logout link in the console toolbar when you are finished using the console and to prevent unauthorized access. If there is no activity during this login session for an extended period of time, the session expires and you must log in again to access the console. The administrator can change the session timeout. The default is set to 30 minutes.

If the user ID that you provide is already logged in at a different location, you are prompted to choose between logging out from the other location or returning to the login page. If you log out the user from the other location, you might be prompted to recover unsaved changes made by that user.

If you have one or more different stand-alone servers running on the same machine and want to administer them concurrently from the same or a different machine then you must:
  1. Ensure that each server uses a unique value for its admin console port.
  2. Run a separate web browser process for each admin console that you want to access concurrently.

Certificate login

You can log in to the administrative console with a certificate by configuring CERT_LOGIN as the auth-method and setting the adminconsole.certLogin system property. The adminconsole.certLogin system property disables the use of form login so you are not prompted for login credentials when CLIENT_CERT is configured. Complete the following steps to configure certificate login.

  1. Configure your browser with a certificate to be used for the login. The product must trust the certificate for certificate login to work in the administrative console. You can add a new trusted (signer) certificate with the administrative console.
  2. Add the adminconsole.certLogin system property and set it to true.
    1. In the administrative console, click System administration > Deployment manager > Process definition > Java Virtual Machine > Custom properties.
    2. On the Custom properties page, click New.
    3. Set Name to adminconsole.certLogin. The value is case sensitive.
    4. Set Value to true.
    5. Click Apply and then Save to save the changes.
  3. Specify to request SSL client authentication.
    1. In the administrative console, click Security > SSL certificate and key management > SSL configurations > CellDefaultSSLSettings > Quality of protection (QoP) settings.
    2. From the Client authentication list, select Supported or Required.
    3. Click Apply and then Save to save the changes.
  4. Change the auth-method element in the web.xml file in the profile WEB-INF directory.
    1. Find the web.xml file in the \WAS_HOME\profiles\profileName\config\cells\cellName\applications\isclite.ear\deployments\isclite\isclite.war\WEB-INF directory of your installation.
    2. Save a backup copy of the web.xml file.
    3. Change <auth-method>FORM</auth-method> to <auth-method>CLIENT-CERT</auth-method> in the block.
    4. Save the changes.
  5. Change the auth-method element in the web.xml file in the \WAS_HOME\systemApps\isclite.ear\isclite.war\WEB-INF directory.
    Tip: If your environment has multiple profiles and you want certificate login enabled for all profiles, complete step 5 to change the web.xml in the systemApps path. This ensures that the web.xml changes persist on all profiles if the iscdeploy -restore command is run. If you do not want to enable certificate login on all profiles, you can skip step 5. Only step 4 is needed to enable certificate login on specific profiles.
    1. Save a backup copy of the web.xml file.
    2. Change <auth-method>FORM</auth-method> to <auth-method>CLIENT-CERT</auth-method> in the block.
    3. Save the changes.
  6. Stop and restart your deployment manager.
  7. Log on to the administrative console by using your certificate.
    Tip: Use the console URL that ends with /ibm/console. The URL that ends with /ibm/console/logon.jsp does not work.