IBM Support

QRadar: Login page does not show any content

Troubleshooting


Problem

The QRadar® login page does not show any content even though all relevant QRadar services, including httpd and tomcat, are up and running.

Symptom

When the QRadar login page is opened at the URL https://<hostname>|<IP_address>/console, the page is blank and does not show the fields for entering the user name and password.

Cause

One possible cause is that the file /opt/qradar/conf/login.conf has been modified incorrectly, which causes QRadar to fail while loading the file.

Diagnosing The Problem

In /var/log/qradar.log, these messages are observed:
Mar  2 14:39:42 ::ffff:N.N.N.N [tomcat.tomcat] [HttpServletRequest-74-Idle] com.q1labs.uiframeworks.auth.configuration.LoginConfigurationManager: [INFO] [NOT:0000006000][N.N.N.N/- -] [-/- -]Reading and parsing /opt/qradar/conf/login.conf
Mar  2 14:39:42 ::ffff:N.N.N.N [tomcat.tomcat] [HttpServletRequest-74-Idle] com.q1labs.uiframeworks.auth.AuthenticationVerificationFilter: [ERROR] [NOT:0000003000][N.N.N.N/- -] [-/- -]Failed to send redirect to logon.jsp
Mar  2 14:39:42 ::ffff:N.N.N.N [tomcat.tomcat] [HttpServletRequest-74-Idle] java.lang.IllegalStateException: The current login configuration is invalid

Resolving The Problem

  1. Back up /opt/qradar/conf/login.conf to a location such as /store/IBM_Support/:
     
    cp -p /opt/qradar/conf/login.conf /store/IBM_Support/
  2. Confirm if the file has been modified recently and whether the contents are readable:
     
    ls -lath /opt/qradar/conf/login.conf
    cat /opt/qradar/conf/login.conf

    If the file has been modified recently and the contents are not readable, try to revert to the original file if you have a backup.

    If a backup is not available, refresh the contents of that file by using the command below:
     
    cp /opt/qradar/conf/templates/login.conf  /opt/qradar/conf/login.conf

    NOTE: Replacing the contents of login.conf by using the above command and then restarting the Tomcat service enables the UI and allows local authentication (System authentication), so that the administrator can get into the system. Further configuration steps are necessary if your environment needs to be configured with some other authentication method.
     
  3. Restart the tomcat service:
     
    systemctl restart tomcat
  4. Confirm whether the tomcat and httpd services are active:
     
    systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/httpd.service.d
               └─qradar.conf
       Active: active (running) since...
     
    systemctl status tomcat
    ● tomcat.service - Apache Tomcat
       Loaded: loaded (/usr/lib/systemd/system/tomcat.service; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/tomcat.service.d
               └─ulimit.conf
       Active: active (running) since...
  5. Have users clear their browser cache and attempt to access the login page again. The login page should now be displayed correctly. If your environment uses any other authentication method, log in using the administrator credentials and take further action to enable the other authentication method.
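
The log check from "Diagnosing The Problem" and steps 1 and 2 above, written as a script. This is an added example, not IBM tooling: the function names are hypothetical, and it assumes every load attempt writes the "Reading and parsing" INFO line, so that a later clean load supersedes an earlier failure. It keeps a timestamped copy and a diff against the template, so the change that broke authentication stays reviewable after the file is restored.

```shell
#!/bin/sh
# Added example, not IBM tooling. Defaults are the paths named in this technote;
# override them through the environment to try the functions on copies.
LOG=${LOG:-/var/log/qradar.log}
CONF=${CONF:-/opt/qradar/conf/login.conf}
TEMPLATE=${TEMPLATE:-/opt/qradar/conf/templates/login.conf}
BACKUP_DIR=${BACKUP_DIR:-/store/IBM_Support}

# Succeeds (0) when the most recent load of login.conf recorded in the log was
# followed by the IllegalStateException shown under "Diagnosing The Problem".
# Assumption: every load attempt logs the "Reading and parsing" INFO line, so a
# later clean load clears an earlier failure.
last_login_conf_load_failed() {
    awk '
        /Reading and parsing \/opt\/qradar\/conf\/login\.conf/ { bad = 0; seen = 1 }
        seen && /IllegalStateException: The current login configuration is invalid/ { bad = 1 }
        END { exit (bad ? 0 : 1) }
    ' "$1"
}

# Steps 1 and 2 without losing evidence: keep a timestamped, attribute-preserving
# copy of the current file and a unified diff against the shipped template, then
# print "identical" or "differs". Nothing is overwritten here.
preserve_and_compare() {
    conf=$1 template=$2 dest=$3
    copy="$dest/login.conf.$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" && cp -p "$conf" "$copy" || return 2
    if cmp -s "$conf" "$template"; then
        echo identical
    else
        # diff exits non-zero when files differ or are binary; that is expected.
        diff -u "$template" "$conf" > "$copy.diff" || true
        echo differs
    fi
}

# Run against the live paths only when the log is present and shows the failure.
if [ -r "$LOG" ] && last_login_conf_load_failed "$LOG"; then
    echo "login.conf was rejected on its last load; saving a copy before any restore"
    preserve_and_compare "$CONF" "$TEMPLATE" "$BACKUP_DIR"
fi
```

After step 3, running `last_login_conf_load_failed /var/log/qradar.log` again should return non-zero, because the restart triggers a fresh load of the file.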

Document Location

Worldwide


Document Information

Modified date:
30 March 2021

UID

ibm16426809