Symantec IGA

Hi

  Hope you guys doing great!

    Myself Facing error while trying to login CA Management Console. Tried checking the username and password in IM_AUTH_USER table and everything is fine.

 One more issue also there with provisioning role.

Error:

[facility=6 severity=3 reason=0 status=11 message=The IdentityMinder directory does not support this feature.]

I see case 01175349 was opened for this question and issue.  I will review and discuss internally to find more information on how to drive this forward to resolution.  Thank you.

Have you been able to Check in the "ucy_environment_settings.xml" file if it is updated as provisioning enabled="false" under "Provisioning" section?

Did you ensure Provisioning was enabled for this IME under Management Console > Advanced Settings > Provisioning and we will be able to utilize Provisioning Roles?

Let us know the results and continue to update and work through the case.  I will also monitor this post for other information from our user community.  Thank you.

Hi SCOTT

    Thanks for your response. what you have advised is very helpful. But the issue here is while logging into Management console. 

Screenshot attached(IAM error1.png).

   Only then we can try editing  "***_environment_settings.xml" and change Management Console > Advanced Settings > Provisioning.

Awaiting reply!

BR

Kirupakaran

Hi,

The problem is - Authentication directory MemberRule doesn't match with column name "ID" of table name "IM_AUTH_USER"

Please modify either authentication directory MemberRule to match with column "ID" of IM_AUTH_USER table, OR

Modify ID value according to MemberRule Auth directory.

For instance, if ID value is 0, then MemberRule should be "admin(0)"

where admin is username for management console

I can see same error if this is not matching.

Thanks,

Anupam

Hi Anupam

  Great reply!

Can you please help me with where can i find - Authentication directory MemberRule

BR

Kirupakaran

Hi Kirupakaran,

Get the "UNIQUE_NAME" of Auth directory from "IM_DIRECTORY" table

REF_ID of "IM_DIRECTORY_LD" table is foreign key for "UNIQUE_NAME" of "IM_DIRECTORY" table

write SQL to get details where REF_ID = UNIQUE_NAME value

We can see the MEMBER_RULE attribute present in SECTION_NAME 'SETTINGS'

Hi Anupam

In my case - ID value is 0 and MemberRule is  "Adminstrator(0)" 

IM_AUTH_USER:

USER_NAME     DISABLED         ID

Administrator              0                  0

IM_DIRECTORY_LD:

REF_ID         SECTION_NAME                  ATTRIBUTE_NAME                                       ATTRIBUTE_VALUE

1                    SETTINGS                               MEMBER_RULE                                              Administrator(0)

IM_DIRECTORY:

UNIQUE_NAME                FRIENDLYNAME

1                                         AuthenticationDirectory

  As you said everything is perfect and same issue. Is there anything else to do. Please share your view.

BR

Kirupakaran

Hi Kirupakaran,

In the management console, go to the advanced settings,

In the Provisioning Properties, select the property name "Enabled" ( Enable the check box - In the Value),

Give the information in the Inbound Administrator,

In the Provisioning Server, Select the directory and click Save,

Post this, you will be able to modify the provisioning role,

Regards,
Ram

Thank You Anupam for the suggestions on this, 

Regards,

Ram,