Symantec Access Management


Tech Tip : CA Single Sign-On :: Policy server :: Register Trusted Hosts  with External Admin Account

  • 1.  Tech Tip : CA Single Sign-On :: Policy server :: Register Trusted Hosts  with External Admin Account

    Broadcom Employee
    Posted Nov 18, 2015 02:09 PM

    ###### Tip Description

     

    - From the Adminui, configure an External Admin Store to create Administrators to access the Adminui.

    - The created Admins are granted SuperUser Roles and are able to access the Adminui with no issues.

    - Now if you attempt to use the External Admin Store admins to perform Host Registration (for example, attempting to register an agent), you will get an Unknown Administrator error such as the one below:

     

     

    <command=login>

    <user=!test>

    <password=** Not Shown **>

    [Failed to resolve administrator '!test']

    <status=E/0093/6/Unknown administrator>

     

     

    ###### Reason

     

    1) Adminui External Admin Store users are strictly to be used for Adminui management ONLY.

    2) The SuperUser Admin Role applies to the Adminui functionalities and cannot be used to perform host registration.

    3) This is working per design on all 12.x Siteminder releases.

    4) Only Legacy Admins are allowed to perform host registration.

     

    To create a Legacy user, please follow the steps below:

     

    1) Create a User Directory based on the same User Directory used by the Admin External Store.

    2) Under Administration --> Administrator --> Legacy Administrators, create a new Legacy Administrator as follows:

    a) Name --> give the name of the Admin to be created.

    b) Under Administrator lookup, choose "External Directory", choose the User Directory you created in the first step, and select "Basic Authentication".

    c) Under "Administrator Privileges", choose "System", select all the tasks including "Register Trusted Hosts", and save the changes.

    3) Now if you go under Administration --> Administrator --> Administrators, you will see that the indicated admin was created with -legacy attached to the name.

     

     

    Now this legacy admin can be used to perform Host registrations.

     

    In Summary --> Only Legacy Admins can be used to Register Trusted Hosts.



  • 2.  Re: Tech Tip : CA Single Sign-On :: Policy server :: Register Trusted Hosts  with External Admin Account

    Posted Mar 23, 2017 09:40 AM

    Thanks Joe!   I was looking all over the internet for an explanation on this!!



  • 3.  Re: Tech Tip : CA Single Sign-On :: Policy server :: Register Trusted Hosts  with External Admin Account

    Broadcom Employee
    Posted Mar 23, 2017 11:50 AM

    Thanks Rich, glad it helped