Is it possible to setup WebSphere Liberty Admin Center 1.0 using http only without a keystore and a username password?
You always need to configure the keystore and userid/password for the AdminCenter because the remote Administrative interfaces that the AdminCenter uses, require the user to be authenticated.
Related
Currently my Mac has been successfully configured to be in Active Directory Domain. (System Preferences -> Users & Groups -> Login Options -> Network Account Server)
We are developing a Mac application that has following requirements:
It should communicate with the LDAP server in Active Directory Domain and retrieve users & their attributes from LDAP server.
While communicating (bind or search) with the LDAP server, we are not allowed to explicitly specify logged-in user's credentials. (e.g. we should not prompt username / password screen to the user)
If we explicitly specify logged-in user's credentials,
• we are able to bind to the LDAP server
• we are able to search the users & their attributes in LDAP server.
If we do not specify logged-in user's credentials,
• we are able to bind to the LDAP server
• but it does not allow us to search the users & their attributes in LDAP server.
We are currently using OpenLDAP framework for LDAP operations.
Is there a way with which we can use logged-in user's credentials implicitly while communicating with the LDAP server?
Can you please guide us how we can query LDAP server (search users & their attributes in LDAP server) without specifying logged-in user's credentials explicitly.
Any kind of help is highly appreciated.
Is there a way with which we can use logged-in user's credentials
implicitly while communicating with the LDAP server?
Maybe.
IF you CAN set up Kerberos (and SPNEGO is using a WEB browser) you might be able to obtain a "ticket" that you could then use a GSSAPI to Authenticate the user.
You would probably be more secure if you used a one of the many third-party Access Manager Products to perform these services due to the inherent security risks involved.
I have installed Oracle WebLogic server 10.3.6. To install it, I have to provide a password for WebLogic user. Is there any other admin user and/or any default password for the admin user?
If exists, I have to disable or removed them for security reason. Please help me experts.
I have already installed Websphere Applcation Server 8.5.5 on my machine without username password.
But for some reason now after using it for several days without any problem, today I got a problem where I am asked to enter username and password in one of the applications which I deployed on WAS8.5.5.
Now how can I create a username and password in an already installed WAS 8.5.5?
If you want to disable application security,
in Security -> Global Security section, uncheck Enable application security
else you want to enable application security, configure User account repository with available realm definitions.
We have an admin account for our websphere application version 6.1 ! User admin account is wwsadmin. We have forgot the password of this admin account and not able to login into our console. Can anybody tell how we can reset the password of this admin account. I tried google and applied some steps but no help. Anyone who have worked as a admin for websphere 6.1 ?
First, turn off admin security:
Connect to wsadmin:
$WAS_HOME/bin/wsadmin.bat -connType NONE
Turn off security:
Jacl: wsadmin> securityoff
Jython: wsadmin> securityoff()
Restart the server (server1 in this case):
$WAS_HOME/bin/stopServer.bat server1
$WAS_HOME/bin/startServer.bat server1
Then, connect to the admin console and set new admin user credentials and turn security back on:
Start the server
Open the admin console and go to Security -> Global Security
Check the Enable administrative security box
Use the Security Configuration Wizard to set new admin user credentials.
These steps will work for WebSphere versions 6.0 and up.
or you could edit the security.xml file
<security enabled="false" ....
In my IE, when I want to access a SharePoint site, I'm asked for username/password (obviously).
Is there a way to make IE know that, when I access a domain XXX, it should use certain credentials? Even if I have to use a plugin.
I tried Windows Vault, but that doesn't seem to work with IE.
Add the domain to the "Local Intranet Sites" in security in IE. That will log in the current user that is logged into the PC.
You can set up a ADFS server (an Identity Provider) on the domain where your client is. The SAML or WS-Federation tokens issued from your source domain would be trusted by a second ADFS server (the Service Provider).
Here is what would happen when you would visit the SharePoint site:
You go to the SP site, "naked" (no kerberos, password or client certificate)
You are redirected to your local ADFS server
Your browser authenticates with a Kerberos ticket to the local ADFS server.
Local ADFS server issues a SAML or WS-Federation token and redirects you back to the "remote" SharePoint site
You go to the remote SharePoint site, with a POST containing a WS-Federation token.
Seeing the token, and trusting the signature or the source domain, access is granted.
But it is easier said than done. Things to look out for :
How will you link existing username password based accounts with shiny new ADFS logons ?
What if there are duplicate user names ?
Will that break authentication for remote users who are simply using Kerberos (because for them, it is a local SharePoint) ?
What is the impact should you change the URL so that users go to your ADFS server first ?
+Beware : the ADFS server role in Windows Server 2008 R2 will install ADFS 1.?. Do not use it. Download and install ADFS 2.0 or later.