The OpenEdge Manager user (oemanager) is not the same user as the user credentials used for OpenEdge Management to access the OEE or OEM Console.
The OpenEdge Manager user referred to when creating the PASOE instance is not the same as the 'admin' user used when administering OpenEdge Management. For further information refer to Article:
The OpenEdge Manager user is used for administering PASOE and is configured in the {catalina_base}/conf/tomcat-users.xml file, associated with the PASOE instance.
- These are the user credentials used for OpenEdge Manager authentication.
- The authentication information provided through the OpenEdge Management Console is for OEM’s use only.
- It is used as connection information to /oemanager Web Application when the oemanager.war is deployed. It is not an “EDIT” of the tomcat configuration.
- These user credentials are not created automatically when the oemanager user is specified in the Create Progress Application Server interface.
The tomcat-users.xml file is initially created in the instance directory specified when a new PASOE instance is created. Once the authentication method for the OpenEdge manager has been configured, the OpenEdge Manager user must be created manually in this file before it can authenticate. The authentication options are:
- Use Tomcat manager username and password (for both manager and oemanager web applications)
- Use OE Manager username and password (for oemanager web application)
For example: After creating the PASOE instance through the Progress Application Server interface, specify how the OpenEdge manager should be authenticated:
- Use Tomcat manager username and password
Tomcat manager login: tcm
Tomcat manager password: tcm
OpenEdge manager authentication:
Use Tomcat manager username and password:
Install Progress Application Server OpenEdge manager web application (which deploys the oemanager.war)
Add these credentials to the <instance>/conf/tomcat-users.xml file:
<!-- start_admin_account -->
<user
username="tcm"
password="tcm"
roles="ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser" />
<!-- end_admin_account -->
This information is recorded in <DLC>/properties/pasmgr.properties when the instance is first started. These credentials are used by OEM to connect to the /oemanager web application.
[PAS.<alias>]
webUserName=tcm
webPassword=243d22243331
Note: Use the genpassword utility from proenv to generate a new encoded password for webPassword.
For example:
proenv>genpassword -password tcm
243d2224333162
When credentials don't match, access to the management REST APIs will fail:
Changing the default username/password when securing the manager webapps is part of our recommended practice:
Since OpenEdge 11.7.2, TCMAN has a new security switch, -m <uid:pwd>, which allows changing container credentials; previous versions did not allow this.
When creating a PASOE instance in OEM/OEE:
- The Tomcat user/password entered in the configuration section is now passed to tcman, and tcman writes it to the tomcat-users.xml file.
- If "OpenEdge Manager username and password" is used to authenticate, these credentials still have to be manually created (as outlined above).
When creating the PAS instance with:
tcman/pasman create -m
- Using the -m switch to change container credentials means that this instance will use a non-default login and password for oemanager access.
- This -m option only affects the credentials for the created PAS instance and does not alter the default username/password (tomcat/tomcat) used by OpenEdge Management manager webapps when the instance is registered.
- When the default credentials are changed to secure a PAS instance, both the “OpenEdge Manager” and “Tomcat Manager” login and password fields need to be updated. This is because the tcman/pasman -m option alters the Tomcat container’s default username and password, which affects both of these manager webapps. Otherwise PASOE Agent and Session details are not visible in the OEE/OEM Console and the pasmgr.properties credentials are not updated: pasman create -m does not update password in pasmgr.properties
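The two failure modes described above (a webUserName in pasmgr.properties with no matching entry in tomcat-users.xml, and manager logins left at tomcat/tomcat or set equal to the username) can be checked together. This is an added example, not Progress code; the function names, the aliases oepas1/oepas2 and the user oeadmin are constructed for illustration, and it assumes plain-text passwords in tomcat-users.xml and a pasmgr.properties made up only of [section] blocks.

```python
import configparser
import xml.etree.ElementTree as ET

DEFAULT_CREDS = {("tomcat", "tomcat")}  # container default named in the article

# Constructed sample files; the aliases oepas1/oepas2 and user oeadmin are made up.
SAMPLE_USERS = """<tomcat-users>
  <user username="tcm" password="tcm" roles="ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser" />
  <user username="tomcat" password="tomcat" roles="ROLE_PSCAdmin" />
</tomcat-users>"""
SAMPLE_PASMGR = """[PAS.oepas1]
webUserName=tcm
webPassword=ENCODED-PLACEHOLDER
[PAS.oepas2]
webUserName=oeadmin
webPassword=ENCODED-PLACEHOLDER
"""

def load_users(tomcat_users_xml):
    """Return {username: password} parsed from tomcat-users.xml text."""
    users = {}
    for el in ET.fromstring(tomcat_users_xml).iter():
        # rsplit drops an XML namespace prefix if the root declares one
        if el.tag.rsplit("}", 1)[-1] == "user" and el.get("username"):
            users[el.get("username")] = el.get("password", "")
    return users

def audit(tomcat_users_xml, pasmgr_properties):
    """Return sorted (subject, finding) tuples for weak or mismatched logins."""
    users = load_users(tomcat_users_xml)
    findings = []
    for name, pwd in users.items():
        if (name, pwd) in DEFAULT_CREDS:
            findings.append((name, "default container credentials"))
        elif pwd == name:
            findings.append((name, "password equals username"))
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the case of webUserName
    cp.read_string(pasmgr_properties)
    for section in cp.sections():
        if section.startswith("PAS."):
            web_user = cp.get(section, "webUserName", fallback=None)
            if web_user not in users:
                findings.append((section, f"webUserName {web_user!r} not in tomcat-users.xml"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_USERS, SAMPLE_PASMGR):
        print(f"{subject}: {finding}")
```

The check compares usernames only; webPassword is stored encoded by genpassword and is not decoded here.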