AS 9.1 IFR: Web UI Authentication Broken (6569813) (Sun Java System Application Server 9.1 Release Notes)

Sun Java System Application Server 9.1 Release Notes

Previous: AS9.1 IFR Windows, inline upgrade, Domain1 is deleted when asupgrade.bat used with short and long path (6596394)
Next: Localized Online Help for asupgrade GUI Does Not Exist (6610170)

AS 9.1 IFR: Web UI Authentication Broken (6569813)

Description

After an Application Server upgrade, the <jsp:forward> tag does not work as expected in Authenticate.jsp. The <jsp:forward> call produces an error in the server logs and a blank page is shown on the WebUI. The problem is that <jsp:forward> in Authenticate.jsp requires a page attribute like <jsp:forward page="${redirectPage}"/>, but the value being passed is a relative path like /registry/thin/{pagename}.jsp, which does not work even Authenticate.jsp is a pure JSP page.

Solution

After completing the Application Server upgrade, use the asadmin tool to run the following commands to set the <auth-realm> in domain.xml:

Go to <appserver9.1-install-dir>/bin and run the following command:
./asadmin delete-auth-realm --host localhost --port 6489 certificate
This removes the old auth-realm certificate, if one exists.

Run the following command:

./asadmin create-auth-realm --terse=false --echo=true --interactive=true \
--user admin --host localhost --port 6489 --classname \
com.sun.enterprise.security.auth.realm.certificate.CertificateRealm \
--property assign-groups=have.client.cert  certificate

This creates the new <auth-realm> with the assign-groups property.

Stop and restart the Application Server registry domain.