In IBM Websphere(8.5.5.14) wehen we access the adming console using the insecure url
http://[server]:9060/ibm/console, we are redirected to https://[server]:9043/ibm/console
How to disable such a redirect and how to be able to use the admin console in an insecure way ?
This is generally not preferred, but what I have is a Websphere running under kubernetes and the routes already take care of ssl so internally within the cluster, I don't require ssl.
I don't believe there's any way to do this without disabling Administrative Security entirely, which would also allow anyone in, without authentication.
Administrative security can be thought of as a "big switch" that activates a wide variety of security settings for WebSphere® Application Server. Values for these settings can be specified, but they will not take effect until administrative security is activated. The settings include the authentication of users, the use of Secure Sockets Layer (SSL), and the choice of user account repository. In particular, application security, including authentication and role-based authorization, is not enforced unless administrative security is active. Administrative security is enabled by default.
This could be happening because authentication is on for your Websphere admin console, so redirect to https is default set on when admin console is accessed. If the security is disabled, the admin console can be accessed from http. It can done from wsadmin in cmd with these steps
1. <WAS_INSTALL_DIR>/bin/> wsadmin -conntype NONE
2. wsadmin> securityoff
3. wsadmin> exit
4. Restart the servers (running Java processes should be stopped)
More details here https://www.ibm.com/support/pages/disabling-websphere-administrative-security-when-admin-console-not-accessible
