How to change WAMUI Directory Connection user and password and change Super ADMIN User or password?

Document ID : KB000052364
Last Modified Date : 14/02/2018

Description:

Below are two options for changing either the Directory Connection user name and password or the WAMUI super user USERNAME & PASSWORD without reinstalling the WAMUI. You must still be able to log into the WAMUI for this to work.

If you need to modify the Administrative User Directory settings that were specified in the Directory.xml following an R12 WAMUI install, please follow these instructions to enable and utilize the IDMMANAGE tool to export, modify, and re-import the Administrative User Directory settings for the WAMUI.

Solution:

Option 1 to Change Directory Manager connection information:

Enable IDM Manage tool.

Open the web.xml file for your application server.

<JBOSS>/server/default/deploy/IdentityMinder.ear/management_console.war/WEB-INF/web.xml

<WebLogic>/user_projects/domains/<Domain Name>/applications/IdentityMinder.ear/management_console.war/WEB-INF/web.xml

<WebSphere>\profiles\default\installedApps\<CellName>\IdentityMinder.ear\management_console.war\WEB-INF\web.xml

Find the Enable init-param, which is part of the AccessFilter <filter> section, and change the value to "true".

 <filter>
   <filter-name>AccessFilter</filter-name>
   <filter-class>com.netegrity.ims.manage.filter.AccessFilter</filter-class>
   <init-param>
     <param-name>Enable</param-name>
     <param-value>True</param-value>
   </init-param>
 </filter>

Start (or restart) the application server.

Visit the following URL: http://url:port/idmmanage

Select Directories (sometimes you need to click twice).

Select the CA SiteMinder Web Access Manager User Directory.

Export the directory and modify the resulting XML file with the changes you want to make.

To change the Super User, find the section with your current Super User. It should look something like this:

 <!--The data element is the password to use when connecting. This is an encrypted value unless cleartext=true. -->
 <!--Use the password tool included in the Identity Manager admin toolkit to generate the encrypted value. -->
 <Credentials user="CN=Administrator, CN=Users, DC=smps, DC=com">gSex2/BhDGzEKWvFmzca4w==</Credentials>

Change the Credentials user= to the new complete user DN.

<Credentials user="CN=NewUserID, OU=Level1,  DC=smps, DC=com">

If you need to create a new password or change the password, you will need to use the tool located in <WAMUI>\siteminderWAM\tools\PasswordTool. The default location for this is: C:\Program Files\CA\IAM Suite\siteminderWAM\tools\PasswordTool

The usage for pwdtools.bat for non-FIPS is: pwdtools.bat -JSAFE -p "PASSWORD". The tool prints its usage if you need to create a FIPS-compliant password.

Copy the new encrypted password to the next section.

<Credentials user="CN=Administrator,CN=Users,  DC=smps, DC=com">gSex2/BhDGzEKWvFmzca4w==</Credentials>

New Password

<Credentials  user="CN=Administrator,CN=Users, DC=smps, DC=com">vqgjH+XC4Qc=</Credentials>

NOTE: Please make sure the new user has Admin rights to connect to the user store.

NOTE: Also make sure that all of the objects in the <ImsManagedObject name="User" description="My Users" objectclass="top,person,organizationalperson,user" objecttype="USER"> section of the XML file are attributes on the new Admin user, or the connection will fail.

Save the file

Back in the WAMUI Management Console, use the button to update the file: browse and find the file that you have modified.

Click on the Finish button to upload.

You should get a window that says 0 errors.

Click on the continue button.

Restart the application server and you should now be using the new Directory Manager connection information.

If everything is working OK, go back to the web.xml file described above and set the value back to false.

Option 2 to change the Directory Manager connection information:

Delete the object store.

Create a new object store

Edit the following file:

 <JBOSS>\server\default\deploy\IdentityMinder.ear\user_console.war\META-INF\Siteminderdeployment.properties

 <WebLogic>/user_projects/domains/<DomainName>/applications/IdentityMinder.ear/user_console.war/META-INF/Siteminderdeployment.properties

 <WebSphere>\profiles\default\installedApps\<CellName>\IdentityMinder.ear\user_console.war\META-INF\Siteminderdeployment.properties

To change the Directory Manager connection, change the following lines:

 @SMDirUser=CN=Administrator,CN=Users, DC=smps, DC=com
 @SMDirPassword=gSex2/BhDGzEKWvFmzca4w==

NOTE: Use the password tool described in Option 1 to create the new password.

To change the Super User, change:

 @SystemManagerDN=CN=Administrator,CN=Users, DC=smps, DC=com
 @IMEPublicUser=CN=Administrator,CN=Users, DC=smps, DC=com

Save the file

Start Application server. A new Object store will be created.

You will need to register your Policy servers again.

When re-registering the policy server make sure you use the -su switch or you may get a security context error.

To change who the WAMUI Super Admin user is:

  1. Log into WAMUI

  2. Add the user under administrators.

  3. Make sure he is checked as Super User.

  4. Test the login

  5. Go into the object store into the IM_MEMBER_POLICY table

    Change the first record. Go to the 4th column, the prop_trigger column, and change the value string
     <MemberRule><AttributeExpression attribute="%USER_ID%" comparator="EQUALS" value="Administrator"/></MemberRule>
    to
     <MemberRule><AttributeExpression attribute="%USER_ID%" comparator="EQUALS" value="NewUserID"/></MemberRule>

NOTE: If this step is missed, you will only see the reports tab when you log into the WAMUI.

Start the application server and log in with the new user information.