Tech Tip : CA Single Sign-On : Steps to Re-register Admin UI

    Broadcom Employee
    Posted Oct 04, 2018 02:36 AM

    Introduction:

     

    This knowledge base article walks through the steps to re-register the SSO Administrative UI with the Policy Server.

    The instructions cover the default JBoss application server as well as a deployment on the WebLogic application server.

     

    Environment:

     

    This applies to the 12.x SSO product on all platforms.

     

    Instructions:

     

    The instructions below are for the default JBoss application server.

     

    Summary of Steps:

     

    1. Shut down the Administrative UI JBoss application server

    2. Delete the "data, log, tmp & work" folders under the "<adminui dir>\server\default\" directory

    3. XPSExplorer: remove the trusted host created by XPSRegClient

    4. XPSSecurity: remove the WAM UI Admin Directory

    5. Delete the SMWAMUI Administrator Account

    6. Run the XPSRegClient command on the Policy Server

    e.g. XPSRegClient siteminder:<password> -adminui-setup -vT

    7. Start the Administrative UI service / JBoss application server

    8. Access the Administrative UI webpage to complete the registration (e.g. http://<fqdn>:8080/iam/siteminder/adminui)

     

    Detailed Steps Instructions:

     

    ** Shut down JBOSS

    1. Navigate to <Siteminder_AdminUI_Home>/siteminder/adminui/bin

    2. Run shutdown.bat (Windows) or shutdown.sh (UNIX)

    ** Delete the "data, log, tmp & work" folder under "<adminui dir>\server\default\" directory

    ** XPSExplorer -delete trustedhost

    1. Open the command prompt / shell on the Policy Server

    2. Change to the <PS Install Dir>/bin directory

    3. Launch "XPSExplorer":

    4. Run: xpsexplorer

    5. Type 110 or 139 for TrustedHost* (or whatever number corresponds to TrustedHost*), then hit ENTER

    6. Type 's' for Search Objects, then hit ENTER

    7. Locate the Trusted Host Object with the Desc: "XPSRegClient", with the host name of the WAMUI possibly listed as an FQDN. It will look something like this:

     

    1. 3-CA.SM::TrustedHost@24-xpsagent-fwrk-1cc9-991a-062X4CC9A2EB

    (I) Name : "siteminder"

    (C) Desc : "Generated by XPSRegClient"

    (C) IpAddr : "0000:0000:0000:0000:0000:FFFF:"

    (C) RolloverEnabled : false

     

    8. Confirm the Object ID for the Trusted Host Object with the Desc that corresponds to the WAMUI host

    (The object id prefaces CA.SM::TrustedHost@24-xpsagent-fwrk~. In the example above, the object id is 3.)

    9. Type the object id number which corresponds to the WAMUI Trusted Host object, then hit ENTER

    10. Type 'd' to delete the selected object id, then hit ENTER.

    11. Type 'q' to go back, and then 'q' again, and then 'q' again (until you get the big list where it says 'MAIN MENU')

    12. Choose 'q' again to exit XPSExplorer

     

    ** XPSSecurity -delete Admin Directory User

    1. Run XPSSecurity and delete the entry shown below ('SiteMinder Administrative UI Directory User')

    NOTE: XPSSecurity is found in the installation binaries along with smreg and is not copied to the \bin directory during installation.

    MAIN MENU*******************************************************************

    A - Administrators

    S - Security Categories

    C - Classes

    W - Workspaces

    B - Begin Transaction

    P - Synchronize with Policy Server (if running)

    Q - Quit

    -------------------------------------------------------------------

    Enter Option (A,S,C,W,B,P or Q): A

    Look for SM-ADMIN-DIRECTORY

    7 - SiteMinder Administrative UI Directory User

    SM-ADMIN-DIRECTORY

    Used by the UI for authenticating administrators

    2. Enter "D" for Delete

    ----------------------------- Metadata ----------------------------

    XID: CA.XPS::Administrator@000eface-b8a0-1345-b89c-9e4e0a82d04b(4103)

    In Cache? no

    (1)

    Created: 2014-04-09 21:16:44 GMT

    By: XPSDictionary::Import (via Internal)

    -------- Attributes from CA.XPS::Administrator (Base Class) -------

    01: Description "Used by the UI for authenticating administrators"

    02: Flags 0(0x0):

    03: MethodsAllowed 4(0x4): AdminUI

    04: Name "SiteMinder Administrative UI Directory User "

    05: UserPath "SM-ADMIN-DIRECTORY"

    06: Workspaces

    -------------------------------------------------------------------

    B - Blank out an Attribute

    G - Generate GUID

    V - Validate

    U - Update

    D - Delete

    R - List Rights

    A - List 6 Attributes

    Q - Quit

    -------------------------------------------------------------------

    Enter Option (# or BGVUDRAQ): D

    Note: From R12.52SP2 onwards, the folder structure of the Administrative UI is different, because the embedded JBoss has been upgraded from 5.0 to 8.2.

    So, instead of the following step given above:

    1. Delete the "data, log, tmp & work" folders under the "<adminui dir>\server\default\" directory

    you should delete the "data, log, tmp" folders under the "<adminui dir>\standalone" directory.

     

    ** Delete the SMWAMUI Administrator Account

    1. Open the command prompt / shell on the Policy Server

    2. Navigate the file system to the <PS Install Dir>/bin

    3. Launch "XPSExplorer"

    4. Type ‘93’ for Administrators, then hit ENTER

    Example: “93 – Admin*”

    5. Type 'S' for Search Objects, then hit ENTER

    Example: “S – Search Objects”

    6. Locate the Admin object with the name "SMWAMUI:<WAMUI FQDN>". It will look something like this:

    2-CA.SM::Admin@12-6d192e45-48e4-4870-be9d-a5v8r31t596u

    (I) Name :"SMWAMUI:myserver.host.com__0"

    7. Confirm the Object ID number for the Admin Object with the name "SMWAMUI:<FQDN>_n".

    NOTE: (The object id prefaces “CA.SM::Admin@<OID>”. In the example above, the object id is “2”)

    8. Type the object id number which corresponds to the name "SMWAMUI:siteminder", (“2”), and then hit ENTER

    9. Type ‘D’ to delete the selected object id, and then hit ENTER.

    10. Type 'Q' to go back, and then 'Q' again, and then 'Q' again (until you get the big list where it says 'MAIN MENU').

     

    ** Run XPSRegClient command on the Policy Server

    e.g. XPSRegClient siteminder:<password> -adminui-setup -vT

    ** Start Administrative UI service / JBoss application server

    ** Access the Administrative UI webpage to complete the registration (e.g. http://<fqdn>:8080/iam/siteminder/adminui)

     

    The instructions below are for the WebLogic application server.

     

    1. Shut down WebLogic: <weblogic_path_to_domain>\bin\stopWebLogic.sh

    2. Delete the "data" folder under the "<weblogic_path_to_domain>" directory. The default location is <weblogic install>\user_projects\domains\<user_domain>\

    3. Run the XPSRegClient command on the Policy Server

    e.g. XPSRegClient siteminder:<password> -adminui-setup -vT

    4. Start Policy Server

    5. Start WebLogic

    6. Access the Administrative UI webpage to complete the registration (e.g. http://<fqdn>:<port>/iam/siteminder/adminui)

     

    Additional Information:

     

    This has been incorporated into the documentation. Please visit docops.ca.com for your version for updated information.


    KB : KB000009742
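
The folder clean-up step of the JBoss procedure above, as an added shell sketch for UNIX hosts (not part of the original post or of the product): it chooses the folder set from whichever of the two layouts the post describes is present, and leaves everything else in place. The function names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: clear the Administrative UI working folders named in the post.
# Function names and the DRY_RUN switch are assumptions of this sketch.

# List the folders to delete for whichever layout exists under $1.
adminui_stale_dirs() {
    root=$1
    if [ -d "$root/standalone" ]; then
        # R12.52SP2 onwards: data, log, tmp under <adminui dir>/standalone
        base="$root/standalone"; names="data log tmp"
    elif [ -d "$root/server/default" ]; then
        # Earlier layout: data, log, tmp, work under <adminui dir>/server/default
        base="$root/server/default"; names="data log tmp work"
    else
        echo "no known Admin UI layout under: $root" >&2
        return 1
    fi
    for n in $names; do
        if [ -d "$base/$n" ]; then printf '%s\n' "$base/$n"; fi
    done
}

# Delete the listed folders; DRY_RUN=1 only reports what would be removed.
adminui_clean() {
    root=${1%/}
    if [ -z "$root" ]; then
        echo "refusing to run against an empty path or /" >&2
        return 2
    fi
    dirs=$(adminui_stale_dirs "$root") || return 1
    if [ -z "$dirs" ]; then return 0; fi
    printf '%s\n' "$dirs" | while IFS= read -r d; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "would delete: $d"
        else
            rm -rf -- "$d" && echo "deleted: $d"
        fi
    done
}
```

Call adminui_clean with the <adminui dir> path only after the application server has been shut down, and run it once with DRY_RUN=1 to check the listed paths before deleting.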