Instructs the Payara Server DAS and instances to use the specified admin user and the password associated with the password alias to authenticate with each other and to authorize admin operations.


asadmin [asadmin-options] enable-secure-admin-internal-user [--help]
[--passwordalias pwdaliasname]


The enable-secure-admin-internal-user subcommand instructs all servers in the domain to authenticate to each other, and to authorize admin operations submitted to each other, using an existing admin username and password rather than SSL certificates. This generally means that you must:

  1. Create a valid admin user.

    asadmin> create-file-user --authrealmname admin-realm --groups
    asadmin newAdminUsername
  2. Create a password alias for the just-created password.

    asadmin> create-password-alias passwordAliasName
  3. Use that username and password for inter-process authentication and admin authorization.

    asadmin> enable-secure-admin-internal-user
    --passwordalias passwordAliasName

If Payara Server finds at least one secure admin internal user, then if secure admin is enabled Payara Server processes will not use SSL authentication and authorization with each other and will instead use username password pairs.

If secure admin is enabled, all Payara Server processes continue to use SSL encryption to secure the content of the admin messages, regardless of how they authenticate to each other.

Most users who use this subcommand will need to set up only one secure admin internal user. As a general practice, you should not use the same username and password pair for internal admin communication and for admin user login.

If you set up more than one secure admin internal user, you should not make any assumptions about which username and password pair Payara Server will choose to use for any given admin request.



Options for the asadmin utility. For information about these options, see the asadmin help page.


Displays the help text for the subcommand.


The password alias for the user that Payara Server should use for internally authenticating and authorizing the DAS to instances and the instances to the DAS.



The admin username that Payara Server should use for internally authenticating and authorizing the DAS to instances and the instances to the DAS.


Example 1 Specifying a username and password for secure admin

The following example allows secure admin to use a username and password alias for authentication and authorization between the DAS and instances, instead of certificates.

asadmin> enable-secure-admin-internal-user
--passwordalias passwordAliasName

Exit Status


subcommand executed successfully


error in executing the subcommand

See Also