After configuring global security and restarting all of your servers
in a secure mode, it is important to validate that security is
properly enabled. There are a few techniques that you can use to test the
various security login types. For example, you can test the Web-based BasicAuth
login, Web-based form login, and the Java client BasicAuth login. There are
basic tests that show that the fundamental security components are working
properly.
Before you begin
Configure global security and restart your servers before performing
this task..Why and when to perform this task
Complete the following steps to validate your security configuration.Steps for this task
- After enabling security, verify that your system comes up in secure
mode.
- Test the Web-based BasicAuth with Snoop,
by accessing the following URL: http://hostname.domain:9080/snoop A login panel is displayed. If a login panel does
not display, then a problem exists. If the panel appears, type in any valid
user ID and password in your configured user registry.
Note: The
Snoop servlet is only available in the domain if you included the DefaultApplication option
when adding the application server to the cell. The -includeapps option
for the addNode command migrates the DefaultApplication option
to the cell. Otherwise, skip this step.
- Test the Web-based form login by starting the administrative console: http://hostname.domain:9060/ibm/console.
A form-based login page is displayed. If a login page does not appear, try
accessing the administrative console by typing https://myhost.domain:9043/ibm/console.
Type in the administrative user ID and password that are used for configuring
your user registry when configuring security.
- Test Java Client BasicAuth with dumpNameSpace by executing the install_root\bin\dumpNameSpace.bat file.
A login panel appears. If a login panel does not appear, there is a problem.
Type in any valid user ID and password in your configured user registry.
- Test all of your applications in secure mode.
- If all the tests pass, proceed with more rigorous testing of your
secured applications. If you have any problems, review the output logs in
the WebSphere Process Server /logs/nodeagent or WebSphere Process Server /logs/server_name
directories, respectively. Check the security troubleshooting article to see
if it references any common problems.
Result
The results of these tests, if successful, indicate that security
is fully enabled and working properly.