Fallback to legacy administrator when AD is unavailable

Document ID : KB000092811
Last Modified Date : 03/05/2018
Question:
We currently have SiteMinder v12.7 policy servers that use AD to authenticate administrators when they log in to the Web Admin UI. How can we configure the policy server to fall back to local SiteMinder administrators when AD is unavailable? We have tried to create "legacy administrators" (with various options, including "System" and "CA Single Sign-On Database"), but this does not seem to permit login via the admin UI.
Answer:
Unfortunately, this is not possible. See the documentation:

"Note: Legacy Administrators can access the Administrative UI when the policy store is configured as the source of administrator identities (the default). However, after an external administrator store is configured, Legacy Administrator accounts cannot access the Administrative UI."

https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/policy-server-configuration/administrators#Administrators-LegacyAdministratorAccounts


However, you can "reset" the Administrative UI as follows:

1) Stop JBoss service 

2) Delete the folder: <CA Install location>\SiteMinder\adminui\server\default\data 

(Note: This resets the Administrative UI to its default of policy store authentication.)

3) Restart JBoss service 

4) Log back in using the original policy store based user and password. 

https://communities.ca.com/thread/98805946
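
Steps 1 to 3 of the reset as a PowerShell script, added here as an example and not taken from the CA article or the linked thread. `$ServiceName`, `$InstallRoot` and the optional `$BackupRoot` are assumed parameters: the article does not name the JBoss Windows service, so it must be supplied, and the copy taken before deletion is an added precaution rather than part of the documented procedure.

```powershell
# Added example: all parameter values are site-specific placeholders.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Windows service name of the Administrative UI's JBoss instance.
    [Parameter(Mandatory = $true)][string]$ServiceName,
    # The "<CA Install location>" from step 2.
    [Parameter(Mandatory = $true)][string]$InstallRoot,
    # Optional existing folder that receives a copy of the data directory.
    [string]$BackupRoot
)

$ErrorActionPreference = 'Stop'
$dataDir = Join-Path $InstallRoot 'SiteMinder\adminui\server\default\data'

if (-not (Test-Path -LiteralPath $dataDir -PathType Container)) {
    throw "Data folder not found: $dataDir"
}

# -WhatIf stops here; otherwise the operator is asked to confirm, because
# the reset switches administrator login back to the policy store.
if (-not $PSCmdlet.ShouldProcess($dataDir, 'Delete Administrative UI data folder')) {
    return
}

# Step 1: stop JBoss and confirm it is down before touching its files.
$svc = Get-Service -Name $ServiceName
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))
}

# Added precaution: keep a timestamped copy so the change can be reviewed.
if ($BackupRoot) {
    $dest = Join-Path $BackupRoot ('adminui-data-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
    Copy-Item -LiteralPath $dataDir -Destination $dest -Recurse
}

# Step 2: delete the data folder.
Remove-Item -LiteralPath $dataDir -Recurse -Force

# Step 3: restart JBoss.
Start-Service -Name $ServiceName

# Emit a record of who performed the reset and when, for the change log.
[pscustomobject]@{
    Time = Get-Date; Operator = [Environment]::UserName
    Host = $env:COMPUTERNAME; Deleted = $dataDir; Backup = $dest
}
```

Run it with `-WhatIf` first to confirm the resolved path. If a backup is kept, restrict access to that folder, since it is a copy of the Administrative UI's stored configuration.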