OpenWGA 7.11 - OpenWGA Concepts and Features

Administration

Administrator users

Administrator users or "administrative logins" are definitions username/password pairs that need to be determined each time an administrative tool like the OpenWGA admin client is entered.

These users are to be seen entirely separately from the user authentication on OpenWGA web applications. A web client that is logged in as administrator user may still be anonymous for any OpenWGA web application. You can see this when opening the menu "Web Applications > By domain" on OpenWGA admin client. On the top right of each domain section you can see what your current user login on each domain is:

screenshot_99(017).png

While you are obviously logged in as administrator, since you have the admin client open, you still are "anonymous" to all applications in domain "default". You now may login to this domain with any valid user login - for example by clicking the "anonymous" in the shown section and using the built-in user login facility of the admin client - while still keep being logged in as administrator. OpenWGA not only stores individual user logins for individual domains, it also keeps administrative logins equally separated.

You can define administrator users on the OpenWGA admin client, Menu "Configuration" > "Administrators". We recommend:

  • Choosing a different administrator user name than the default "admin"
  • Having at least two administrator logins in case one if it gets "locked out"

In case you lock yourself out

This may happen if you lose the password of your single administrator login, if you specify a wrong administrative port by which you cannot access or if the "brute force locking" applies to your administrator users after 5 wrong login attempts. The easiest way to gain administrative access again is to directly modify the OpenWGA configuration files in your servers file system with a text editor.

Find the file wgaconfig.xml. When installed from the debian package it should be under "/etc/openwga". When using the linux installer it should be under "/opt/wga". When using the J2EE web archive it is normally stored in a subfolder "WGA" below the home dir of the user running the OpenWGA server.

The wgaconfig.xml is an XML configuration file. You can edit it with any text editor but may need some basic understanding of XML syntax to edit it without breaking it. Best is to save a copy of it to some other place before editing it.

To change a faulty administrative port:

Find the XML tag <adminToolsPortRestrictions> and remove any contained <integer> tags from it

To restore the default administrative login:

Find the XML tag <administrators> and add the following subtag:

<administrator uid="be2a5397291a629590e8fdb8edee5d3f" username="tempadmin" password="wga" encoding="none"/>

Remove any other <administrator> tag with username="tempadmin" form the <administrators> tag content, in case such a tag already exists.

This will create an admin login "tempadmin" with password "wga" for this server which you now can use to gain access. You of course may fill the password attribute of the administrator tag to something less obvious than "wga", so nobody else can use your "temporary admin login". 

Then save the file and wait some seconds for OpenWGA to pickup the changes. Login with your "tempadmin" to OpenWGA admin client and use it to restore access to your regular administator login by resetting its password (Menu "Configuration", menu item "Administrators").

After that you may want to change to that regular admin login to ensure you have restored access. Then you should delete the "tempadmin" login again, what you now may do from inside OpenWGA admin client.