Introduction:
On occasion it may be necessary to manually ‘Reset’ or reconfigure the CA Siteminder Admin UI. This can be the case when you’ve overwritten an existing Policy Store to which
the Policy Server which the WAMUI is configured to connect to has been overwritten by the import of a policy store from another environment. This may also be necessary when
pointing an existing WAMUI at a new environment. This can frequently be presented as a problem connecting to the Policy Server with the WAMUI where previously it had worked
without any problems.
Frequently previous attempts to re-run XPSRegClient and even smreg –su to reset the Siteminder password have not resolved connection issues with the WAMUI.
This document goes through the detailed steps on how to rest an existing WAMUI. However it primarily focuses on the steps when the WAMUI is implemented on the default
embedded JBoss application server.
Instructions:
I. Stop the Application Server Hosting the WAMUI
You will need to stop the application server which is hosting the WAMUI. The default application server embedded with the CA Siteminder WAMUI is JBoss, however the r12.51
WAMUI is also supported on IBM WebSphere, Oracle WebLogic, and Red Hat JBoss.
ØStop the embedded Jboss Application Server
o MS Windows:
1. Open the Services Manager
a. Start -> Run -> Services.msc
OR
b. Launch Server Manager and browse to Configuration -> Services.
OR
c. Start –Control Panel -> Administrative Tools -> Services
2. Stop the “SiteMinder Administrative UI” service
NOTE: Alternative you could simply run one of the following commands from a command prompt:
sc stop SMADMINUI
net stop SMADMINUI
o UNIX:
1. Logon to the host running the WAMUI
2. Navigate to:
<WAMUI Home>/CA/siteminder/adminui/bin/administrative_ui_install
3. Run the following command:
shutdown.sh
ØStop 3rd Party Application Servers
o IBM WebSphere: See OEM documentation
o Oracle WebLogic: See OEM documentation
o Red Hat JBoss: See OEM documentation
II. Delete the WAMUI Configuration from the Embedded JBoss Application Server
1. Logon to the WAMUI host
2. Navigate the file system to the following directory:
<WAMUI Home>\CA\SiteMinder\adminui\server\default
3. Delete the entire “data” directory
III.Delete the WAMUI objects from the Policy Store
Delete the SMWAMUI Administrator Account
1. Open the command prompt / shell on the Policy Server
2. Navigate the file system to the <PS Install Dir>/bin
3. Launch "XPSExplorer"
Run: xpsexplorer
4. Type ‘77’ for Administrators, then hit ENTER
Example: “ 77– Admin*”
5. Type 'S' for Search Objects, then hit ENTER
Example: “ S – Search Objects”
6. Locate the Admin object with the name "SMWAMUI:<WAMUI FQDN>". It will look something like this:
2-CA.SM::Admin@12-6d192e45-57e4-4870-be9d-c5f8d31d596a
(I) Name :"SMWAMUI:lavst01-vm81425.smadfaa.com__0"
7. Confirm the Object ID for the Admin Object with the name "SMWAMUI:siteminder".
NOTE: (The object id prefaces “CA.SM::Admin@”. In the example above, the object id is “2”)
8. Type the object id number which corresponds to the name "SMWAMUI:siteminder", (“2”), and then hit ENTER
9. Type ‘D’ to delete the selected object id, and then hit ENTER.
10. Type 'Q' to go back, and then 'Q' again, and then 'Q' again (until you get the big list where it says 'MAIN MENU').
Delete the WAMUI Trusted Host Object
1. Type ‘134’ for Trusted Hosts, and then hit ENTER
Example: “134 – TrustedHost*”
2. Type 'S' for Search Objects, then hit ENTER
3. Locate the Trusted Host Object with the Desc: "Generated by the XPSRegClient"
Example:
1-CA.SM::TrustedHost@24-xpsagent-fwrk-4c6b-8b93-54eX51A950BE
(I) Name :"lavst01-vm81425.smadfaa.com__0"
(C) Desc :"Generated by XPSRegClient"
4. Confirm the Object ID for the Trusted Host Object with the name Desc that corresponds to the WAMUI host (The object id prefaces “CA.SM::TrustedHost@24-xpsagent-fwrk~”. In
the example above, the object id is “1”)
5. Type the object id number which corresponds to (“1” in the example above)
Name : = <FQDN of WAMUI host
Desc: = "Generated by XPSRegClient"
6. Hit ENTER
7. Type ‘D’ to delete the selected object id, and then hit ENTER.
8. Type 'Q' to go back, and then 'Q' again, and then 'Q' again (until you get the big list where it says 'MAIN MENU')
9. Choose 'Q' again to exit XPSExplorer
Delete the 'SiteMinder Administrative UI Directory User’
1. Open the command prompt / shell on the Policy Server
2. Copy XPSSecurity from the CA Siteminder Policy Server installation binaries to the <Siteminder Install Dir>/bin directory.
NOTE: XPSSecurity is found in the installation binaries along with “smreg” and is not copied to the \bin directory during installation.
3. Navigate the file system to the <PS Install Dir>/bin
4. Launch "XPSSecurity"
5. Type “A” for ‘Administrators’
6. Locate the Siteminder Administrative UI Directory User
Example:
3 - SiteMinder Administrative UI Directory User
SM-ADMIN-DIRECTORY
Used by the UI for authenticating administrators
7. Locate the SMWAMUI
Example:
4 - SMWAMUI:sm1251-01__0 [Legacy]
SM://fd6b1b67-bc12-46ff-bb11-9b4a6adfc355/SMWAMUI:sm1251-01__0
8. Confirm the object ID for the Siteminder Administrative UI Directory User
9. Enter the object ID (“3” in the example above) and then hit ENTER.
10. Type ‘D’ to delete the selected object id, and then hit ENTER.
11. Confirm the object ID for the SMWAMUI
12. Enter the object ID (“4” in the example above) and then hit ENTER.
13. Type ‘D’ to delete the selected object id, and then hit ENTER
14. Type “Q” and then ENTER until you are back at the XPSSecurity MAIN MENU.
15. Type “P” and then enter to Synchronize with the Policy Server.
16. Type “Q” and then enter until you have exited XPSSecurity.
IV. Synchronize the data in the XPS Extensions with the Policy Store
Run XPSSweeper
1. Open the command prompt / shell on the Policy Server
2. Navigate the file system to the <PS Install Dir>/bin
3. Run: xpsexplorer
V. Rest the Siteminder password
1. Open the command prompt / shell on the Policy Server
2. Copy “smreg” from the CA Siteminder Policy Server installation binaries to the <Siteminder Install Dir>/bin directory.
NOTE: smreg is found in the installation binaries along with “XPSSecurity” and is notcopied to the \bin directory during installation.
3. Navigate the file system to the <PS Install Dir>/bin
4. Run the following command:
smreg –su <password>
NOTE: Use the same password that you have using for the Siteminder account in this environment
VI.Prepare the Policy Server for a WAMUI Registration
You run the Administrative UI registration tool to create a client name and passphrase. A client name and passphrase pairing are values that the Policy Server uses to identify the
Administrative UI you are registering. You submit the client and passphrase values from the Administrative UI to complete the registration process.
Run XPSRegClient
1. Open a command prompt from the Policy Server host system.
2. Run the following command:
XPSRegClient client_name[:passphrase] -adminui -t timeout -r retries -c comment -cp -l log_path -e error_path -vT -vI -vW -vE –vF
Note: Inserting a space between client_name and [:passphrase] results in an error.
VII. Start the Application Server Hosting the WAMUI
ØStart the embedded Jboss Application Server
o MS Windows:
1. Open the Services Manager
a. Start -> Run -> Services.msc
OR
b. Launch Server Manager and browse to Configuration -> Services.
OR
c. Start –Control Panel -> Administrative Tools -> Services
2. Start the “SiteMinder Administrative UI” service
NOTE: Alternative you could simply run one of the following commands from a command prompt:
sc start SMADMINUI
net start SMADMINUI
o UNIX:
1. Logon to the host running the WAMUI
2. Navigate to:
<WAMUI Home>/CA/siteminder/adminui/bin/administrative_ui_install
3. Run the following command:
startup.sh
Now try to Launch the WAMUI and Login again.
Additional Information:
This has been incorporated into the documentation. Please visit
docops.ca.com for your version for updated information
KB :