Technical Blog Post
Unable to Log In to Maximo Application in Specific Server(s)
Hello everyone! Here's another blog describing a specific scenario and issue that might come in handy for anyone who has a setup similar to the one described below.
To give you an idea of the environment I am talking about in this blog, it has 2 Maximo JVMs running on WebSphere Application Server.
-MXUI (assigned to port 9080)
-MXUI2 (assigned to port 9081)
The MXUI server is dedicated to the Maximo UI. The MXUI2 server is shared between the Maximo User Interface and an enterprise application that uses Web Services, such as Tivoli Netcool/OMNIbus.
I came across an issue where users suddenly could not log in to their Maximo application after a fix pack was applied. The environment is set up with application server security on. The maximo.properties and the maximoui web.xml already have application server security turned on and use the form login method. And "mxe.useappserversecurity" in the Maximo database is already set to 1. With application server security configured as described, we should be good and should have no issues logging in, right? -- But we cannot log in to the application!!! WHY?!
When we enter the user credentials on the login page and click sign in, the username and password fields just clear out. It looks like clicking the sign in button simply redirects back to the same login page. No errors are recorded in the Maximo server logs (SystemOut.log). Also, this issue only happens when the application is accessed via port 9081 (through MXUI2).
Upon further investigation and research, it looks like the Maximo login page being presented to users via port 9081 is the one for DISABLED application server security. WHAT?! I thought application server security was already enabled in the Maximo configuration? -- Yes, it is.
When the application server security is DISABLED, the form action value in the Maximo log in page should be the Maximo URL.
When the application server security is ENABLED, the form action value in the Maximo log in page should be j_security_check. The j_security_check is the default login servlet provided by WebSphere.
So why is the Maximo login page's form action set to the value for disabled application server security when we know for a fact that it is already enabled? And why does the issue only happen when the application is accessed via port 9081 (through MXUI2)?
To answer the last questions in the ISSUE section:
It seems that the issue happens whenever the application is accessed via the MXUI2 server, which is shared with the enterprise application that uses web services. Checking the web.xml of the meaweb, the application server security is not enabled in there. (A-HA!)
But the Maximo form login is not using the meaweb web.xml, right? Yes, that is true, but it looks like the Maximo form login thinks that application server security is disabled (refer to the form action value in the ISSUE section). Application server security is enabled in the maximoui web.xml, so where else can it get the idea that application server security is disabled? That's right! In the meaweb web.xml!
We can resolve the log in issue by enabling the application server security in the meaweb web.xml file. Below is the summary of steps to resolve the issue.
1) Stop the Maximo servers and uninstall the MAXIMO.ear application in WebSphere.
2) Modify the web.xml in the following location:
In the web.xml, uncomment the <security-constraint> tags and set the useAppServerSecurity to 1. Save the file.
3) Rebuild and redeploy the MAXIMO.ear file.
4) Start the Maximo servers.
You should be able to log in to Maximo without issues. ISSUE RESOLVED!
IMPORTANT REMINDER: Always check the web.xml files after every fix pack installation and make sure they have not been reverted to a disabled application server security setting.
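One way to automate the post-fix-pack check from the reminder above, as an added example that is not IBM's or the original post's code. It assumes useAppServerSecurity is stored as an env-entry name/value pair in web.xml; the web.xml paths are passed on the command line, and the sample XML is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the state a fix pack can leave behind (assumed layout).
SAMPLE_DISABLED = """<web-app>
  <!-- <security-constraint><web-resource-collection/></security-constraint> -->
  <env-entry>
    <env-entry-name>useAppServerSecurity</env-entry-name>
    <env-entry-value>0</env-entry-value>
  </env-entry>
</web-app>"""

def local(tag):
    """Strip an XML namespace such as '{http://...}web-app'."""
    return tag.rsplit("}", 1)[-1]

def audit_web_xml(xml_data):
    """Return (useAppServerSecurity value, number of active security constraints).
    ElementTree drops comments while parsing, so a <security-constraint>
    that is still commented out is not counted.
    """
    flag, constraints = None, 0
    for elem in ET.fromstring(xml_data).iter():
        name = local(elem.tag)
        if name == "security-constraint":
            constraints += 1
        elif name == "env-entry":
            fields = {local(c.tag): (c.text or "").strip() for c in elem}
            if fields.get("env-entry-name") == "useAppServerSecurity":
                flag = fields.get("env-entry-value")
    return flag, constraints

def is_enabled(result):
    flag, constraints = result
    return flag == "1" and constraints > 0

def out_of_sync(results):
    """results maps path -> audit result; return the paths not enabled."""
    return sorted(p for p, r in results.items() if not is_enabled(r))

if __name__ == "__main__":
    results = {}
    for path in sys.argv[1:]:  # pass each deployed web.xml path
        with open(path, "rb") as fh:  # bytes: honour the file's own encoding
            results[path] = audit_web_xml(fh.read())
    bad = out_of_sync(results)
    for path in bad:
        print("app server security NOT enabled:", path, results[path])
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one of the given web.xml files still has the flag off or its security constraint commented out.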
BEST PRACTICE: It is always best to keep the web.xml files in sync. If you have the application server security enabled, please make sure that it is enabled in the four web.xml files in the following locations:
And there you have it guys! Hope you find this blog entry useful!