MQ

MQ

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Fri July 15, 2022 02:05 PM
    I've configured the mqweb server to use both secure and non-secure ports for the MQ console with these settings:

    <variable name="httpHost" value="*"/>
    <variable name="httpPort" value="8080"/>
    <variable name="httpsPort" value="9443"/>
    Running 'dspmqweb status' shows the server is listening on the expected ports.

    I can access the IBM MQ Console's login page over both URLs.  However, I can only successfully log in over the HTTPS URL.  Over HTTP, when I input the credentials the screen just blinks and goes back to a blank login page.  I don't see any errors in either the web server or browser logs.

    Am I missing some other configuration setting?  Or, maybe this is due to some setting in the browser.  I've tried both Chrome and Safari and get the same results.

    Thanks,
    Jim

    ------------------------------
    Jim Creasman
    ------------------------------


  • 2.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Mon July 18, 2022 02:19 AM
    Hi Jim,

    You will need to check, but usually when you have a website that serves both secure and non secure pages you have somewhere in the config a list of secure pages,
    Those are pages that do need to be addressed as secure https to function correctly.

    Maybe your case is one of those...

    ------------------------------
    Francois Brandelik
    ------------------------------

    Original Message


  • 3.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Mon July 18, 2022 03:59 AM

    Hi Jim,

    What version are you running? I can recreate this at 930, although not all the time. It's been a while since I have tried using the no security variant, but I don't think you should get the login page at all in that case.

    If you enter http://localhost:8080/ibmmq/console/#/ you should be able to get past the login page. Or at least that worked for me.

    In the messages.log do you get an error about missing a j_security_check resource or something similar?

    What features do you have enabled?

    Regards, Matt.



    ------------------------------
    MATTHEW LEMING
    ------------------------------

    Original Message


  • 4.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Mon July 18, 2022 05:35 AM
    Hi Jim,

    I think this is because by default the mqweb server is configured not to send back the LTPA cookie over an insecure connection, so there's no way to keep track that you're logged in to the MQ Console. Try setting the secureLtpa proprety to false, e.g.

    setmqweb properties -k secureLtpa -v false

    Regards

    Gwydion

    ------------------------------
    Gwydion Tudur
    ------------------------------

    Original Message


  • 5.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Mon July 18, 2022 09:49 AM
    Thanks, Gwydion.  That worked!

    ------------------------------
    Jim Creasman
    ------------------------------

    Original Message


  • 6.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Fri December 15, 2023 06:32 AM

    Gwydion, as always, you're star! This solved the issue for me as well, we've been stuck for a while! 



    ------------------------------
    Ashlin Joseph
    ------------------------------

    Original Message


  • 7.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Mon July 18, 2022 10:02 AM
    Matt,

         Adding "#/" did not work for me.  We have version 9.2.0.4 installed.  Part of the challenge was that I did not see any errors in the logs -- either browser log or MQ web log on the server.  These are the MQ components we are installing:  ibmmq-runtime, ibmmq-server, ibmmq-java, ibmmq-jre, ibmmq-gskit, ibmmq-amqp and ibmmq-web.  Is that what you meant by which features are enabled?

         FWIW, the suggestion made by Gwydion resolved the issue.  After setting secureLtpa to false I am able to log into the console the same as when using the secure port.

    Jim

    ------------------------------
    Jim Creasman
    ------------------------------

    Original Message


  • 8.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Tue July 19, 2022 08:10 AM
    Thanks Jim,

    I meant which liberty features do you have installed. Sorry for not being clearer. Regardless I am pleased that Gwydion got you around this.

    Regards, Matt.

    ------------------------------
    MATTHEW LEMING
    ------------------------------

    Original Message


  • 9.  RE: Accessing IBM MQ console over non-secure port (HTTP vs HTTPS)

    Posted Tue July 19, 2022 03:44 PM
    Right... I figured that out just after I hit the Post button on my earlier reply ;-).  To answer your question, these are the features as listed in the mqwebuser.xml.

      <featureManager>
      <feature>appSecurity-2.0</feature>
      <feature>ldapRegistry-3.0</feature>
      <feature>basicAuthenticationMQ-1.0</feature>
  </featureManager>​


    ------------------------------
    Jim Creasman
    ------------------------------

    Original Message