IBM Support

How do I log the User ID of the user on successful login to the WAS Admin Console?

How To


Summary

This article describes how to change the WAS log level so that the user ID is logged on each successful login to the WAS Admin Console.

Objective

When you need to monitor who logs in to the WAS Admin Console, the default log level does not provide the required information.
By default, only failed login activity is logged. The WAS administrator should add 'com.ibm.ws.wim.registry.util.SecurityNameBridge=finest' to the trace level for the dmgr, or for server1 in a tWAS profile.

Environment

WebSphere Application Server (WAS) on any platform

Steps

For WAS ND:
  • Log in to the WAS Admin Console.
  • In the left menu, expand System Administration and open the Deployment Manager menu.
  • Click Logging and Tracing, then Diagnostic Trace.
  • If the Logging to File radio button is not selected, select it and modify the size and number of historical files to match your environment. Save your changes.
  • Click the Change log detail levels link.
  • For a permanent change, make the change in the Configuration tab. For an immediate change that is not persisted (you can use this for testing), switch to the Runtime tab.
  • Append :com.ibm.ws.wim.registry.util.SecurityNameBridge=finest to the existing trace level.
  • Save the changes.
  • If you made changes on the Logging and Tracing page or in the Configuration tab, you need to restart the Deployment Manager.
For tWAS environment:
  • Log in to the WAS Admin Console.
  • In the left menu, expand Troubleshooting -> Logs and Trace.
  • Click the server link (most likely named server1), then click Change log detail levels.
  • For a permanent change, make the change in the Configuration tab. For an immediate change that is not persisted (you can use this for testing), switch to the Runtime tab.
  • Append :com.ibm.ws.wim.registry.util.SecurityNameBridge=finest to the existing trace level.
  • Save the changes.
  • If you made changes in the Configuration tab, you need to restart the server.
Testing:
After the restart, log in to the WAS Admin Console. Then log out and enter an invalid password on the login screen.
Examine the logs (if you are using Basic logging, look for trace.out in the server logs directory).
You should see entries similar to these:
 
For successful log in:

[5/15/19 10:45:21:431 EDT] 0000016d SecurityNameB > com.ibm.ws.wim.registry.util.SecurityNameBridge getUserSecurityName ENTRY inputUniqueUserId = "uid=admin,o=defaultWIMFileBasedRealm"

[5/15/19 10:45:21:435 EDT] 0000016d SecurityNameB < com.ibm.ws.wim.registry.util.SecurityNameBridge getUserSecurityName RETURN returnValue = "admin"

For failed password check:

[5/15/19 10:47:42:187 EDT] 00000101 LTPAServerObj E  SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4513E The password match failed for the 'admin' principal name..

[5/15/19 10:47:42:190 EDT] 00000101 FormLoginExte E  SECJ0118E: Authentication error during authentication for user admin
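
The following is an added example, not part of the original IBM article: a small Python parser that turns the trace entries shown above into login events, pairing each getUserSecurityName RETURN with the ENTRY on the same thread. The function name parse_logins and the event dictionary layout are assumptions made for illustration; the sample lines are the ones quoted in this article.

```python
import re

# Sample input: the trace lines quoted in this article (one success, one failure).
SAMPLE = """\
[5/15/19 10:45:21:431 EDT] 0000016d SecurityNameB > com.ibm.ws.wim.registry.util.SecurityNameBridge getUserSecurityName ENTRY inputUniqueUserId = "uid=admin,o=defaultWIMFileBasedRealm"
[5/15/19 10:45:21:435 EDT] 0000016d SecurityNameB < com.ibm.ws.wim.registry.util.SecurityNameBridge getUserSecurityName RETURN returnValue = "admin"
[5/15/19 10:47:42:187 EDT] 00000101 LTPAServerObj E  SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4513E The password match failed for the 'admin' principal name..
[5/15/19 10:47:42:190 EDT] 00000101 FormLoginExte E  SECJ0118E: Authentication error during authentication for user admin
"""

# Basic-format record header: [timestamp] threadId component eventType message
HEADER = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]{8})\s+\S+\s+\S\s+(?P<msg>.*)$')
ENTRY = re.compile(r'SecurityNameBridge getUserSecurityName ENTRY inputUniqueUserId = "(?P<uid>[^"]*)"')
RETURN = re.compile(r'SecurityNameBridge getUserSecurityName RETURN returnValue = "(?P<user>[^"]*)"')
FAILED = re.compile(r'SECJ0118E: Authentication error during authentication for user (?P<user>\S+)')

def parse_logins(text):
    """Return a list of login events (dicts) found in trace.out content."""
    events = []
    pending = {}  # thread id -> unique user id seen at ENTRY, awaiting RETURN
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if not header:
            continue  # continuation lines, stack traces, blank lines
        ts, thread, msg = header['ts'], header['thread'], header['msg']
        if m := ENTRY.search(msg):
            pending[thread] = m['uid']
        elif m := RETURN.search(msg):
            # The article treats this RETURN entry as the record of a successful login.
            events.append({'time': ts, 'result': 'success', 'user': m['user'],
                           'unique_id': pending.pop(thread, None)})
        elif m := FAILED.search(msg):
            events.append({'time': ts, 'result': 'failure', 'user': m['user'],
                           'unique_id': None})
    return events

if __name__ == '__main__':
    for event in parse_logins(SAMPLE):
        print(event)
```

To run it against a real log, pass the contents of trace.out to parse_logins instead of SAMPLE.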

Document Location

Worldwide


Product Synonym

WAS; tWAS; WebSphere Application Server; BPM;

Document Information

Modified date:
15 April 2020

UID

ibm12801439