EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

KB484521: How to encrypt the passwords stored in tomcat-users.xml used to access the MicroStrategy Web Admin page

Shane Winslow

Cloud Support Expert I • MicroStrategy

This article explains how to encrypt the passwords stored in the tomcat-users.xml file used to access the MicroStrategy Web Admin page.

Description 


By default, Tomcat utilizes basic authentication to protect and control access to certain pages such as the Strategy Web Admin page. These credentials are stored as plain text in the 

tomcat-users.xml
file located in Tomcat’s 
conf
folder as seen below.

ka04W000000UKkJQAW_0EM4W000001IQgb.jpeg


To enhance the security of Tomcat, the passwords stored in the 

tomcat-users.xml
 file can be encrypted.

Why is this happening?


This is the default configuration of Tomcat.

Solution


The below steps can be followed to encrypt the passwords stored in the

 tomcat-users.xml
file.

  • Make sure the environmental variable JRE_HOME (or JAVA_HOME) is correctly set. The default path on a 2020 Update 2 Windows machine will be 
    C:\Program Files (x86)\Common Files\Strategy\JRE\180_252\Win64.
  • Edit Tomcat’s 
    server.xml
    . If using Tomcat installed as part of the Strategy installation on a Windows machine, the default location will be 
    C:\Program Files (x86)\Common Files\Strategy\Tomcat\apache-tomcat-9.0.30\conf.
  • Modify the 
    server.xml
    to match the below screenshot. The following entry will need to be added, and the 
    /
    after “
    UserDatabase
    ” will need to be removed.
    
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256" /></Realm>

ka04W000000UKkJQAW_0EM4W000001IQgq.jpeg
  • Save 
    server.xml.
  • Open Command Prompt and navigate to Tomcat’s bin folder and go to Tomcat's bin folder (
    C:\Program Files (x86)\Common Files\Strategy\Tomcat\apache-tomcat-9.0.30\bin
    ).
  • Run the following command where MyPassword is the actual password to be encrypted and 
    sha-256
    is the algorithm specified in step 3.
    
digest.bat -a sha-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler MyPassword

    Note: For Linux, the following command can be used: 
    digest.sh -a sha-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler MyPassword

  • The output will be in the format 
    <clear text pwd>:<encrypted pwd>
    . For example, 
    MyPassword:0c568aa878fe2439c2a302d967fd04c15e148d00e5f99304cfd991fd22a6ae94$1$97e10cd18c3611017988f07b6336f07309a346991b28ec79d571090ae241209b
    as seen below.
ka04W000000UKkJQAW_0EM4W000001IQhK.jpeg
  • Copy the encrypted password and place it in 
    tomcat-users.xml
    .
ka04W000000UKkJQAW_0EM4W000001IQhP.jpeg
  • Restart Tomcat.
Comment

0 comments

Details

Knowledge Article

Published:

August 20, 2020

Last Updated:

August 20, 2020