How To Manually Disable WebSphere Admin Console Security

In Websphere there is a possiblility to disable Admin security and login to Admin console without userid and password . This feature is not available in JBOSS EAP, Weblogic Server etc

Below steps are applicable for both DMGR and Standalone websphere nodes .

Generally we don’t require this .but there might a situation where one the following reasons

  • Someone changed the password or the password is locked if it is LDAP Account .
  • we may forget the credential . There is no way to get the working credentials .
  • Messed up the SSL/Security configuration or security.xml

To disable security manually follow below steps

1.Take backup of security.xml file located in <PROFILE_HOME>/config/cells/CellName/security.xml

2.update enabled=”true” to enabled=”false” on the first occurrence in security.xml file then kill the admin process that is running as we cannot stop since we don’t have working userid and password .

hi-lighted string decide the security of admin console .It will act as a switch to on/off

3.start the dmgr or AppNode Now we should be able to login to Admin without userid & password

4.Do what ever changes we need to reset the password and other configuration’s if need to do then go security.xml file and change back to enabled=”true”

5.kill the Admin process and start Admin now we should be able to login to Admin console successfully with new password .

Other way

We can also disable security by using wsadmin commands

1.connect to wsadmin

LOCAL OS security is off now but you need to restart server1 to make it affected.

2.kill the admin process 

3.start Admin process

4.Login to Admin console and do the necessary changes

5.connect to wsadmin and run securityon to enable security back 


6.Restart DMGR or Admin Node and login with new password .

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *