Expand my Community achievements bar.

SOLVED

OSGi Web Console Password

Avatar

Level 3
Level 3
5/26/20 1:34:55 PM

I am doing a security review of our AEM instance and going through the Security Checklist.   It is not clear to me what "Changing the OSGi Web Console Password" actually does.  I changed the AEM admin user password to "rainyday".  I changed the OSGi Web Console password to something distinct per the instructions - "sunnyday".  To get to the OSGi Web Console the AEM admin user password "rainyday" allows access NOT the password set for OSGi Web Console. 

  1. Why is is recommended to set an OSGi Web Console password?
  2. When is the password used?
  3. What is the consequence of not setting the OSGi Web Console password?
  4. What is the consequence of setting them to the same thing? "rainyday".

...

clint

Views

1.4K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
8/24/20 9:37:23 AM

@ClintLundmark 

As mentioned in the docs under security checks.
We usually update the admin credentials to secure the crx and system/console(OSGI Web Console) as it has all the confidential information on code and jars.
So once you update the admin password let's suppose to sunnyday then in that case using the same password you can login to crx as well as OSGI web console.

Thanks,
Nikhil

View solution in original post

Views

895

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Level 3
Level 3
6/9/20 11:13:15 AM

Somewhat as a follow up to my original set of questions...

 

How do I test the OSGI Password?  If I set it to something like "sunnyday" how do I know it was actually set or set to what I think it is?

 

Any help to better understand this is appreciated!

 

Thanks.

..

clint

Views

1.2K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Administrator
Administrator
8/25/20 1:49:35 AM
In response to ClintLundmark
Request you to create a separate Questions for follow up Qs. It helps in SEO.


Kautuk Sahni

Views

903

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
8/24/20 9:37:23 AM

@ClintLundmark 

As mentioned in the docs under security checks.
We usually update the admin credentials to secure the crx and system/console(OSGI Web Console) as it has all the confidential information on code and jars.
So once you update the admin password let's suppose to sunnyday then in that case using the same password you can login to crx as well as OSGI web console.

Thanks,
Nikhil

Views

896

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Build fails: aQute/bnd/osgi/Analyzer has been compiled by a more recent version of the Java Runtime (class file version 61.0), Solved

Views

1.0K

Likes

0

Replies

13
I want desired admin password for installation of Aem through command prompt Solved

Views

195

Likes

0

Replies

3
Apache Sling Context Aware Configurations Override via OSGI Configuration Solved

Views

320

Likes

0

Replies

5
Need to connect to Websocket using OSGI service to communicate with a third-party chatbot

Views

193

Likes

0

Replies

4
Steps to Integrate Adobe Data Collection Web SDK with AEM 6.5 (On-Premise) and Best Practices

Views

151

Likes

0

Replies

1