Disabling the Tivoli Integrated Portal Authentication

If you re-configure the federated repository used for TIP authentication and make a mistake in the setup then it is possible that you can’t get back into TIP (or indeed perform a normal stop of eWAS).

There is a simple way to switch off authentication in TIP;

  • Edit security.xml in “/opt/IBM/tivoli/tip/profiles/TIPProfile/config/cells/TIPCell”
  • Locate the first enabled=”true” and change it to “false” (i.e. useDomainQualifiedUserNames=”false” enabled=”true” cacheTimeout=”600″)
  • Restart TIP. (It is likely that you can’t stop TIP due to authentication problems so you may have to just kill it & then do a normal start).

For example;

<?xml version=”1.0″ encoding=”UTF-8″?>

<security:Security xmi_version=”2.0″ xmi_id=”Security_1″ useLocalSecurityServer=”true” useDomainQualifiedUserNames=”false” enabled=”true” cacheTimeout=”600″ issuePermissionWarning=”true” activeProtocol=”BOTH” enforceJava2Security=”false” enforceFineGrainedJCASecurity=”false” appEnabled=”true” dynamicallyUpdateSSLConfig=”true” activeAuthMechanism=”LTPA_1″ activeUserRegistry=”WIMUserRegistry_1″ defaultSSLSettings=”SSLConfig_TIPNode_1″>

You can then login with any string as the account name and resolve the original configuration error

Visits: 33