Symantec Access Management

  • Private Community
 View Only

  • 1.  vApp IG & IP - Missing Configuration for External Database

    Posted Nov 22, 2017 05:48 PM

    Team,

     

    If you wish to use Non-Prod or Prod configuration with the Identity Suite vApp; and an external database, you may see a startup issue for the IP component for the IP User Console.    While the IG and IP management consoles load / start fine, the IP User Console will return the following error message:   "CA Identity Portal - System is currently unavailable. Please contact your system administrator"

     

    Below screen after initial deployment. 

     

     

    This startup issue existed in vApp r14.1 prior to cr04.

     

    Resolved in cr04

    https://docops.ca.com/ca-identity-suite/14-1/EN/release-notes/ca-identity-suite-virtual-appliance-release-notes/virtual-appliance-service-packs-and-cumulative-patches-14-1/latest-cumulative-patches-14-1/cp-va-140100-0004-release-notes

     

     

     

    If you wish to resolve it manually, you can follow the below Tech Note:

    https://support.ca.com/us/knowledge-base-articles.TEC1907759.html

     

     

    Below section shows how to resolve and add in additional IP modules:

     

    Note:  If you are deploying a new vApp instance, you may experience a process where the vApp does not seem to complete it last deployment step.

     

     

    Resolution Steps:

     

    1) Create a new IG connector via the IP management console:  Setup/Connectors/Create

     

     

    2) Populate IG Configuration & mark as Main Connector (assumes only IP & IG)

     

    3) Update IG Connection / Credentials - Update TCP Port for SSL

    - Enable Advance Logging if you wish.

    - Click Next; Select ALL; and then Create the New IG Connector

     

    4) Restart the IG Connector to ensure no issues.

     

    5) Define the primary userID identifier for the new IG Connector

    - Setup / Managed Object Attributes / Add User Attribute

     

    6) Define any value for display Name, but select the IG connector & the IG Backend Name "UserName"

    - Optional:  Check to mark this as searchable.

    - Optional:  Add in other attributes as you wish, but only UserName is mandatory for the IP User Console.

     

     

    7) Restart the IG Connector to confirm no issues.

     

    Step 8) Login to the IP User Console

     

    Step 9) View the default Module - Add more as needed for requirements.

     

    Step 10) Add in all available predefined IP Modules via IP Management Console

     

    Step 11) Refresh or re-authenticate to IP User Console to see all modules

     

    Step 12) Modify the IP/IG solution stack to your desired state.

    - Do not forget to export your configurations via the IP/IG management consoles for backup/recovery requirements.

     

     

    Cheers,

     

    A.

     

    Edit:  11/27/2017

     

    If you wish to view a deployment process with MS-SQL, I have a PDF attachment on this link:

    Identity Suite vApp - IP & IG Deployment Model with external database (MS-SQL) 



  • 2.  Re: vApp IG & IP - Missing Configuration for External Database

    Posted Nov 23, 2017 11:46 AM

    Alan,

     

    Thanks for updating the discussion thread with the information on IP VA 14.1 CR4. I'll test this out in the LOD and locally as I am working on scenarios where IG with IP is the focus.

     

    I'll post any feedback on the updated CR.