Deploying Administration Web Interface to IBM WebSphere Manually

To deploy Administration Web Interface to IBM WebSphere manually

1. Copy the following files from the product CD to a folder on the IBM WebSphere host machine:

   • cd_drive\Software\webadmin\admintool_version.jar
   • cd_drive\Software\webadmin\webadmin_version.war

   This procedure includes some steps to modify webadmin_version.war. If you do not want to modify that file yourself, you can use a version of Web Administration Service adapted for IBM WebSphere EE for manual deployment on the OneSpan Authentication Server product CD:

   • cd_drive\Software\webadmin\webadmin_websphere_version.war
2. Verify that version 8.0 of IBM WebSphere SDK Java Technology Edition is installed with IBM WebSphere Application Server. See Supported web servers and browsers for information on the supported versions.
3. Enable IBM WebSphere SDK Java Technology Edition.
4. Open the IBM WebSphere administrative console at http://localhost:9060/ibm/console, and log on as an administrator.

5. Navigate to Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings > Quality of protections (QoP) settings, and set the protocol to TLSv2.

   Alternatively, in the IBM WebSphere server xml configuration file, set the SSL protocol to SSL_TSLv2 (sslProtocol="SSL_TLSv2").

6. On the same page, ensure that the provider is set to Predefined JSSE provider, and that the selected provider is IBMJSSE2.
7. Add the IP address of the IBM WebSphere Application Server as administrative client component in OneSpan Authentication Server.
8. Verify that the URL  https://ias_ip_address:8888  on IBM WebSphere is responding. If it is not, check if OneSpan Authentication Server is running, and/or check the firewall settings.

9. Add OneSpan Authentication Server to the Administration Web Interface using admintool.jar, by running the following command from the directory where admintool.jar is located:

   <websphere_install_dir>java\jre\bin\java -jar\admintool_<version>.jar server add <ias_name> https://<ias_ip_address>:8888

10. Navigate to Servers > Application Servers > server1 > Process Definition > Java Virtual Machine. In Generic JVM arguments, add the following argument:

    -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true
    -Djava.net.preferIPv6Addresses=false

11. Navigate to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > Retrieve from port.
12. Enter the IP address and the secure SOAP port for OneSpan Authentication Server.
13. Enter an alias.
14. Click Retrieve signer information, then click OK, and Save.

15. Stop and restart WebSphere Application Server with the following commands:

    [administrator@localhost IBM]$ .\WebSphere\AppServer\bin\stopServer.bat
    server1
    [administrator@localhost IBM]$ .\WebSphere\AppServer\bin\startServer.bat
    server1

16. Save the webadmin_version.war file.
17. Open the WebSphere administrative console and log in as an administrator.
18. Navigate to Applications > New Application > New Enterprise Application.
19. Select Local File System and click in the Full path field to browse to the webadmin_version.war file on the local machine.

20. Click Next to accept all default options for the following pages:

    • Preparing for the application installation
    • Select installation options
    • Map modules to servers
    • Map virtual hosts for Web modules pages
21. In the Map context roots for Web modules page, enter /webadmin in the Context Root field, and click Next.
22. Click Finish.
23. Click Save.
24. Navigate to Application Types > WebSphere enterprise applications.
25. Click webadmin_websphere_war.
26. Click Manage Modules.
27. Click IAS Web Administration.
28. Select Classes loaded with local class loader first (parent last) from the Class loader order drop-down list.
29. Click OK.
30. Click Save.
31. (Re-)Start the webadmin application.
32. Stop and start the webadmin.war application from the WebSphere administrative console.

33. To verify the Administration Web Interface is up and running, access the Administration Web Interface via a web browser at the following address: http://localhost:9080/webadmin/login.action.

    To ensure secure communication, it is essential that you publish the Administration Web Interface via HTTPS. Do not use HTTP, as this protocol is not secure!