Tuesday, March 24, 2009

Changing Administration(wpsadmin/wpsbind) passwords in IBM WebSphere Portal 6.0

Generally we don't need to change the administration password for the portal once installed and configured properly. But there might be a situations or unavoidable circumstances when you want to change the administration passwords after installation or may be at any point of time when you need it badly. In fact I need it last week.. ;). So here are the steps to do it. These are the steps already mentioned in the websphere portal resources, I just made it easier to access...


IBM WebSphere Portal and IBM WebSphere Application Server use some user account as "Security Server ID" for the WebSphere Application Server JVM, access ID or bind ID for authenticated access to databases and LDAP servers, and WebSphere Application Server and WebSphere Portal administrative ID's.

If the password for any user ID is changed either by Websphere portal edit profile screen or through LDAP directly then the password value stored in the appropriate configuration file must be changed.
Changing the WebSphere Portal administrator password

WebSphere Portal treats wpsadmin (the administrator) as any other user, just with more permission granted. It is possible to change the wpsadmin or equivalent password through the user interface (UI), just like any other user can manage their own password through the UI. However, if the wpsadmin account is also used for more than just the administrator, then additional changes, outlined in other steps in this section, must be made to accommodate the change.

Follow these steps to change the WebSphere Portal administrator password:

1. Log in to WebSphere Portal as the administrator.
2. Click Edit My Profile.
3. Change your password in the appropriate box.
4. Click Continue.

Note: You can also change the WebSphere Portal Administrator password, like any other user password, using an LDAP editor.

Note: The WebSphere Portal configuration tasks that enable security automatically set the Security Cache Timeout to a value specified in the wpconfig.properties file. Old passwords are stored in cache for this amount of time. The default value is 600 seconds.


For the version 6.0.1

After successfully changing your password, you will need to make additional changes to the RunAsRole passwords; see WebSphere Portal requires additional changes to the RunAsRole passwords for the EJBs to support password change for WPSAdmin and WASAdmin users for information.

Changing the WebSphere Application Server administrator password using WebSphere Portal

You can change the password for the IBM WebSphere Application Server administrator user ID using the WebSphere Application Server Administrative Console.

* Confirm that the WebSphere Application Server Administrative Server and Administrative Console are running.
* Log in to the WebSphere Application Server Administrative Console as the administrator.
* Log in to WebSphere Portal as the WebSphere Application Server administrator and select Edit Profile.
* Type a new password and click OK.
* In the WebSphere Application Server Administrative Console do one of the following, depending on the type of security installation:

+ LDAP (non-realm): Click Security > Global Security > User registries > LDAP.
+ LDAP (realm): Click Security > Global Security > User registries > Custom.

Note: As we are have configured LDAP with realm support we will take that scenario for this document.

§ From the command prompt, change to the portal_server_root/config directory.

§ Enter the following appropriate command to encrypt the new password:

WPSconfig.bat -DPassword= wmm-encrypt

§ The script returns a value for the ASCII encrypted string. You can see that in your command prompt.

§ If you have a Base installation, open the portal_server_root/wmm/wmmWASAdmin.xml file with a text editor.

§ Copy the value from the ASCII encrypted string and paste it in the logonPassword field of the wmmWASAdmin.xml file.

§ Adapt the admin logon and uniqueUserid fields to the distinguished name of the new user.

* Change Server User Password to the new value using admin console for application server and save the changes.
* Stop and restart the WebSphere_Portal and server1 servers.

Note: The configuration tasks that enable security automatically set the Security Cache Timeout to a value specified in the wpconfig.properties file. Old passwords are stored in cache for this amount of time. The default value is 600 seconds.

For the version 6.0.1

After successfully changing your password, you will need to make additional changes to the RunAsRole passwords; see WebSphere Portal requires additional changes to the RunAsRole passwords for the EJBs to support password change for WPSAdmin and WASAdmin users for information.


We have successfully implemented these steps. :) If any of you find it hard on your portal environment, just drop a comment, may be I can help you.