Monday, January 24, 2011

How to configure authentication in Quests QMX for Websphere WAS

If you try to configure Quests Management Extension for Websphere Application Server 6/7 you realize very soon, that there is no possibility to provide username or password for the Performance Monitoring Servlet URL.

With the following workaround you are able to connect to the servlet but unfortunately you have to enter the password in clear text. So at least it may be a good idea to change the file permission to a minimum requirement for the files affected. And it would be good to use a dedicated service user with the “monitor” permission in WAS.

There are two files (called PMIServletReader.js and TestConnection.js) to be modified in the folder %ProgramFiles%\eXc Software\WMI Providers\nonWindows\Virtual Agent Library\MOM\Websphere

The important script is PMIServletReader.js where you have to modify line 99. There you find the following string:"GET", strURL_in, false);

Add the following (bold) text to the line and replace username and password to the one you like to use:"GET", strURL_in, false, "username", "password");

Double-check that the quotation mark (") is not a special character. I prefer to delete the copied ones and replace them by the one given by the editor.

Save the edited script. If you like to test the connection (what I recommend) you have to edit the same line (maybe other line number) in the second script called TestConnection.js. Now you are able to test the connection within Quests Configuration Utility by right click on the WAS server entry and selecting Test Connection. Verify that you have enabled the server by unmark the "disabled” checkbox before testing. Don’t forget to save the change.

You should also be sure, that the value in the field “Websphere Application Server Name” in Quests Configuration Utility is exactly the same as in the XML given by the servlet. Simply open the URL for the servlet in your web browser and copy the value from the tag called “Server name” and paste it into the field from above. This must not be the name of the server itself.

All information is provided "as is" without any warranty! Try in lab before. Handle with care in production.


Post a Comment