Technical Blog Post
Maximo Anywhere and Worklight: Taking control of your admin user in WebSphere
You may have installed Maximo Anywhere recently and you chose to use the full version of WebSphere as your application server over WebSphere Liberty Profile or Apache. When going through the install screens you may have noticed you can't change the appcenteradmin password from the install panels. Have you ever wondered where this user is stored? How to change the password for appcenteradmin? Or even create another user? If so continue to read further.
The first part is understanding where this user is created and stored. The Worklight install creates this user in WebSphere's InternalFileRepository. This is a file based user repository internal to WebSphere which contains other users such as wasadmin.
To see the users that are part of this repository, log into WebSphere, expand 'Users and Groups' and click on 'Manage Users'. Search by User ID and enter in app*, you will see your appcenteradmin user here as part of the File Based Realm.
Clicking on the user will take you to the screen where you can set a password for appcenteradmin of your preference. The password fields will show blank, enter in your new passwords and click apply.
Your password changes will be reflected instantly when logging into to the Application Center Console.
Now that you've changed the password for your old admin user, you're probably wondering, can I create a new user that can log into the Application Center Console from WebSphere as well? The answer is yes.
From the same 'Manage Users' screen in WebSphere click on ''Create', to create your new user.
Enter in your username, first name, last name and password for the new user you wish to create on the file based realm. Click create as seen below.
Now your user is created and exists in the WebSphere internal file based repository, this however will not grant the user authentication to the Application Center Console. You will need need to update the security mapping for both the IBM_Application_Center_Console and IBM_Application_Center_Services enterprise applications.
Worklight creates two roles out of the box, appcenteruser and appcenteradmin. You can map individual users and groups to each of these or set 'All Authenticated in Application's Realm' to authenticate all users that exist in the repository. In our scenario we mapped the individual users to each of the roles as seen below.
Once the users are mapped, restart the application and your new user will have access to the Application Center along side your admin user.
One this to take into consideration is, when changing the password on your appcenteradmin in WebSphere, you will need to update the deploy.properties on the Maximo Anywhere side to reflect the password change.